CVE-2010-5092

Name of the Vulnerable Software and Affected Versions SilverStripe version 2.4.0

Description The issue concerns the Add Member dialog in the Security admin page, where user passwords are saved in plaintext. This allows local users to obtain sensitive information by reading the database.

Recommendations For SilverStripe version 2.4.0, consider updating the password storage mechanism to hash and salt passwords instead of storing them in plaintext, or apply a configuration change to securely store user credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.