CVE-2002-0324

Name of the Vulnerable Software and Affected Versions Greymatter versions 1.21c and earlier

Description The issue allows remote attackers to read a cleartext password and gain administrative privileges. This is achieved by guessing the name of a gmrightclick-*.reg file, which contains the administrator name and password in cleartext, and then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.

Recommendations For Greymatter versions 1.21c and earlier, consider disabling the Bookmarklet feature until a fix is available to prevent exploitation. Additionally, restrict access to gmrightclick-*.reg files to minimize the risk of unauthorized access to administrative credentials.