PT-2002-2778 · Teekai · Teekai Forum
Published: 2002-12-31 · Updated: 2016-10-18
CVE-2002-2057
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TeeKai Forum version 1.2
Description
The issue concerns the weak encryption of web usage statistics stored in the data/member log.txt file. This file is located under the web document root with insufficient access control, allowing remote attackers to access it. By exploiting this, attackers can identify the IP addresses of visitors to the site. The encryption method used involves dividing each octet of the IP address by the MD5 hash of the string '20'.
Recommendations
For TeeKai Forum version 1.2, consider restricting access to the data/member log.txt file to minimize the risk of exploitation. As a temporary workaround, limit the information stored in this file or implement proper access controls to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
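One way to "limit the information stored in this file", shown as an added example that is not TeeKai Forum code: log a keyed HMAC token instead of a reversibly encoded address, so the statistics can still count repeat visitors but a leaked file does not reveal IP addresses. The function names, the `|`-separated line layout, the token length and the sample visits are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets

TOKEN_HEX_LEN = 16  # assumption: 64 bits is enough to tell visitors apart


def new_log_key() -> bytes:
    """Generate the secret; it must be kept outside the web document root."""
    return secrets.token_bytes(32)


def pseudonymize_ip(raw_ip: str, key: bytes) -> str:
    """Return a keyed, non-reversible token for a visitor address.

    Raises ValueError for anything that is not a valid IPv4/IPv6 address,
    so malformed or attacker-supplied strings never reach the log.
    """
    addr = ipaddress.ip_address(raw_ip.strip())
    # Hash the packed form so "::1" and "0:0:0:0:0:0:0:1" get the same token.
    digest = hmac.new(key, addr.packed, hashlib.sha256).hexdigest()
    return digest[:TOKEN_HEX_LEN]


def log_line(timestamp: str, member: str, raw_ip: str, key: bytes) -> str:
    """Build one statistics line carrying a token instead of the address."""
    return f"{timestamp}|{member}|{pseudonymize_ip(raw_ip, key)}"


if __name__ == "__main__":
    key = new_log_key()
    # Constructed sample visits using documentation address ranges.
    for ts, member, ip in [
        ("2002-12-31T10:00:00Z", "alice", "192.0.2.10"),
        ("2002-12-31T10:05:00Z", "alice", "192.0.2.10"),
        ("2002-12-31T10:06:00Z", "bob", "2001:db8::1"),
    ]:
        print(log_line(ts, member, ip, key))
```

Without the key, the tokens cannot be recomputed by enumerating the IPv4 address space, which is what separates this from an unkeyed hash or a fixed arithmetic transform.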
Affected products
Teekai Forum