PT-2011-3641 · Smartertools · Smarterstats

Published: 2011-05-20 · Updated: 2017-08-29 · CVE-2011-2153

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterStats version 6.0

Description
The Login.aspx page accepts the txtUser and txtPass parameters in the query string, so a login URL carries the username and password in plain text. Such a URL is recorded in web-server access logs, is sent in the Referer header of subsequent requests (and therefore lands in the logs of any site linked from the page), and is kept in the browser history. A context-dependent attacker with access to any of these sources can recover the credentials. This is related to a "cross-domain Referer leakage" issue.

Recommendations
For SmarterTools SmarterStats version 6.0, consider restricting access to the Login.aspx page to minimize the risk of exploitation, and avoid using the txtUser and txtPass parameters in the query string until the issue is resolved.
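The leakage path above is easiest to see in the server's own logs. The following script is an added example (not SmarterTools' code and not part of the original advisory): it scans access-log lines in the common "combined" format for credential-bearing parameters in either the requested URL or the Referer header, reports where they occur without re-logging the secret values, and redacts the values so that retained logs no longer hold passwords. The log lines are constructed for the example; the parameter names beyond txtUser and txtPass are an assumption about other applications, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query-string parameter names treated as credentials. txtUser and txtPass
# are the two named in the advisory; the remaining names are an assumption
# added so the scanner is useful for other login pages too.
CREDENTIAL_PARAMS = {"txtuser", "txtpass", "username", "password", "passwd", "pwd"}

# Apache/nginx "combined" log format:
# host ident authuser [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Matches name=value pairs for credential parameters anywhere in a line.
REDACT_RE = re.compile(
    r'(?i)\b(' + '|'.join(sorted(CREDENTIAL_PARAMS)) + r')=[^&\s"]*'
)

# Constructed sample log: one GET login with credentials in the query string,
# the same URL leaking again as the Referer of the next request, then a POST
# login (credentials in the body, so nothing appears in the log).
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2011:10:12:01 +0000] "GET /Login.aspx?txtUser=admin&txtPass=s3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2011:10:12:03 +0000] "GET /Default.aspx HTTP/1.1" 200 5120 "http://stats.example.com/Login.aspx?txtUser=admin&txtPass=s3cret" "Mozilla/5.0"
198.51.100.4 - - [20/May/2011:10:15:22 +0000] "POST /Login.aspx HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [20/May/2011:10:15:30 +0000] "GET /Reports.aspx?site=42 HTTP/1.1" 200 8830 "http://stats.example.com/Default.aspx" "Mozilla/5.0"
"""


def credential_params(url: str) -> dict:
    """Return {name: value} for credential parameters in a URL's query string.

    Works for a bare request target ("/Login.aspx?...") and for a full
    Referer URL alike; a Referer of "-" simply has no query string.
    """
    query = urlsplit(url).query
    found = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() in CREDENTIAL_PARAMS:
            found[name] = values[0]
    return found


def scan_log(text: str) -> list:
    """Find log lines that record credentials, in the request URL or the Referer.

    Only parameter names are reported, never the values, so the findings can
    be forwarded to a ticket or SIEM without spreading the secret further.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for field, where in (("target", "request"), ("referer", "referer")):
            params = credential_params(m.group(field))
            if params:
                findings.append({
                    "line": lineno,
                    "host": m.group("host"),
                    "where": where,
                    "params": sorted(params),
                })
    return findings


def redact_line(line: str) -> str:
    """Replace the value of every credential parameter with a fixed marker."""
    return REDACT_RE.sub(lambda m: m.group(1) + "=[REDACTED]", line)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: credentials in {f['where']} from {f['host']}: {f['params']}")
    print()
    for line in SAMPLE_LOG.splitlines():
        print(redact_line(line))
```

Running the script reports two leaks from the sample: the GET login itself and the Referer on the following request. The POST login produces no finding, which is the point of the recommendation above; moving the credentials out of the query string keeps them out of logs, Referer headers and browser history in one step. The redaction pass is a stop-gap for logs that already exist, not a fix for the application.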

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-2153

Affected Products

Smarterstats