PT-2005-5523 · Xwiki · Xwiki

Published

2005-12-31

Updated

2008-09-05

CVE-2005-4862

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: XWiki version 0.9.793

Description: The search functionality in the software indexes cleartext user passwords. This allows remote attackers to obtain sensitive information via a search string that matches a password.

Recommendations: For XWiki version 0.9.793, update to a version where the search functionality does not index cleartext user passwords to prevent remote attackers from obtaining sensitive information.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2005-4862

Affected Products

Xwiki

PT-2005-5523 · Xwiki · Xwiki

CVE-2005-4862

Weakness Enumeration

Related Identifiers

Affected Products

References · 3