PT-2005-2585 · Psoft · H-Sphere Winbox

Published

2005-05-16

Updated

2017-07-11

CVE-2005-1606

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions H-Sphere Winbox versions 2.4.2 through 2.4.3 RC1

Description The issue allows local users to gain privileges by accessing sensitive information stored in plaintext in world-readable log files. This information includes username and password.

Recommendations For versions 2.4.2 and 2.4.3 RC1, consider restricting access to the log files to prevent unauthorized users from reading sensitive information. As a temporary workaround, restrict write access to the log files to minimize the risk of exposing sensitive data.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1606

Affected Products

H-Sphere Winbox

PT-2005-2585 · Psoft · H-Sphere Winbox

CVE-2005-1606

Related Identifiers

Affected Products

References · 8