PT-2002-2779 · Teekai · Teekai Tracking Online
Published
2002-12-31
·
Updated
2024-02-09
·
CVE-2002-2058
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TeeKai Tracking Online version 1.0
Description
The issue concerns the weak encryption of web usage statistics stored in the data/userlog/log.txt file. This weakness allows remote attackers to identify the IP addresses of visitors to the site. The encryption method involves dividing each octet by the MD5 hash of '20', which is considered insecure.
Recommendations
For TeeKai Tracking Online version 1.0, consider disabling access to the data/userlog/log.txt file until a secure encryption method is implemented to protect web usage statistics. Restrict access to this file to minimize the risk of IP address identification by remote attackers.
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Teekai Tracking Online