PT-2010-1940 · Mysqldump+1 · Mysqldump+1

Published

2010-03-12

Updated

2018-10-10

CVE-2010-0124

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Employee Timeclock Software version 0.99

Description The issue allows local users to obtain sensitive information, specifically the database password, by listing the process. This is because the database password is placed on the mysqldump command line.

Recommendations For Employee Timeclock Software version 0.99, consider modifying the command line to avoid placing the database password in plain text, or use alternative methods to secure the password, such as environment variables or secure configuration files. As a temporary workaround, restrict access to the process list to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2010-0124

Affected Products

Employee Timeclock

Mysqldump

PT-2010-1940 · Mysqldump+1 · Mysqldump+1

CVE-2010-0124

Weakness Enumeration

Related Identifiers

Affected Products

References · 7