PT-2002-2522 · Phprank · Phprank
Published
2002-12-31
·
Updated
2024-02-10
·
CVE-2002-1800
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
phpRank version 1.8
Description
The issue allows remote attackers to retrieve the administrative password because it is stored in plaintext on the server and in the
ap cookie.Recommendations
For phpRank version 1.8, consider disabling the use of the
ap cookie or restricting access to the administrative interface until a secure method of storing passwords is implemented. Avoid using plaintext storage for sensitive information like administrative passwords.Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phprank