PT-2002-1587 · Stepweb · Stepweb Search Engine

Published: 2002-06-11 · Updated: 2008-09-05 · CVE-2002-0537

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

StepWeb Search Engine (SWS) version 2.5

Description

SWS stores passwords in links to manager.pl within the admin.html file, so remote attackers who can access admin.html can gain administrative privileges to SWS.

Recommendations

For SWS version 2.5, consider restricting access to the admin.html file and the manager.pl script to minimize the risk of exploitation. As a temporary workaround, avoid using the admin.html file until a secure method of password storage is implemented.


Related Identifiers

CVE-2002-0537

Affected Products

Stepweb Search Engine