PT-2006-5759 · Contentkeeper · Contentkeeper

Patrick Webster

Published

2006-09-27

Updated

2018-10-17

CVE-2006-5018

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ContentKeeper versions 123.25 and earlier

Description The issue allows remote authenticated users to obtain passwords in cleartext via the /cgi-bin/ck/changepw.cgi API endpoint. This occurs because passwords are placed in cleartext in an INPUT element.

Recommendations For versions 123.25 and earlier, consider restricting access to the /cgi-bin/ck/changepw.cgi API endpoint until a fix is available. As a temporary workaround, avoid using the changepw.cgi endpoint to minimize the risk of password exposure.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5018

Affected Products

Contentkeeper

PT-2006-5759 · Contentkeeper · Contentkeeper

CVE-2006-5018

Related Identifiers

Affected Products

References · 7