PT-2011-1058 · Debian · Domain Technologie Control

Published: 2011-03-07 · Updated: 2017-08-17 · CVE-2011-0436

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Domain Technologie Control (DTC) versions prior to 0.32.9

Description

The issue concerns multiple vulnerabilities in the DTC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the register_user function in client/new_account_form.php includes a cleartext password in an email message, making it easier for remote attackers to obtain sensitive information by sniffing the network.

Recommendations

For versions prior to 0.32.9, update to version 0.32.9 or later to resolve the issue. As a temporary workaround, consider disabling the register_user function in client/new_account_form.php to minimize the risk of exploitation. Restrict access to the client/new_account_form.php file to prevent unauthorized access.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2015-03561
CVE-2011-0436
DSA-2179-1

Affected Products

Domain Technologie Control