CVE-2002-1470

Name of the Vulnerable Software and Affected Versions SHOUTcast versions 1.8.9 and earlier

Description The issue allows local users to obtain the cleartext administrative password by sending a GET request to port 8001. This causes the password to be logged in the world-readable sc serv.log file.

Recommendations For SHOUTcast versions 1.8.9 and earlier, as a temporary workaround, consider restricting access to the sc serv.log file until a patch is available. Additionally, avoid using the administrative password for other services and consider changing it to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.