PT-2006-4693 · Ej3 · Ej3 Topo

Attila Gerendi

Published

2006-07-25

Updated

2018-10-17

CVE-2006-3834

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions EJ3 TOPo version 2.2.178

Description The issue allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors because the password is included in cleartext in the ID field to "index.php".

Recommendations For version 2.2.178, consider restricting access to the "index.php" endpoint until a fix is available to prevent the exposure of passwords in cleartext.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3834

Affected Products

Ej3 Topo

PT-2006-4693 · Ej3 · Ej3 Topo

CVE-2006-3834

Related Identifiers

Affected Products

References · 3