Cerberus Helpdesk versions 4.2.3 Stable (Build 925) and 5.4.4, and potentially below, contain an unsecured file that holds configuration details, including all users’ usernames and password hashes.
h00die at March 25, 2020 12:30am UTC reported:
Found this software in an enterprise environment. The /storage/tmp/zend_cache---ch_workers files contain lots of data, however the only things of value are a list of usernames and password hashes. When found in an enterprise, this gave us over 200 MD5 hashes, which was a huge win. Never seen the software before or after though.
Assessed Attacker Value: 3
Assessed Attacker Value: 5
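One way to check web server access logs for reads of the cache files described above, as an added example that is not part of the original report or of Cerberus Helpdesk. It assumes Combined Log Format access logs; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip, ident, user, [time], "METHOD target PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Path named in the report; any zend_cache file under /storage/tmp is treated as sensitive.
SENSITIVE_PREFIX = "/storage/tmp/zend_cache---"

def normalized_path(target):
    """Decode percent-escapes and collapse ./ and ../ so obfuscated requests still match."""
    path = unquote(urlsplit(target).path)
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_cache_reads(lines):
    """Return (ip, timestamp, path, status, served) for every request to the cache files."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalized_path(m["target"])
        # Substring match also covers an install in a subdirectory (e.g. /helpdesk/...)
        if SENSITIVE_PREFIX not in path:
            continue
        status = int(m["status"])
        # A 200/206 with a non-empty body means the file content left the server
        served = status in (200, 206) and m["size"] not in ("-", "0")
        hits.append((m["ip"], m["ts"], path, status, served))
    return hits

# Constructed sample log lines (documentation IP ranges), not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Mar/2020:00:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Mar/2020:00:12:44 +0000] "GET /storage/tmp/zend_cache---ch_workers HTTP/1.1" 200 48211',
    '203.0.113.9 - - [25/Mar/2020:00:13:02 +0000] "GET /helpdesk/storage/./tmp/zend_cache%2D--ch_workers HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for ip, ts, path, status, served in find_cache_reads(SAMPLE_LOG):
        verdict = "content served" if served else "not served"
        print(f"{ts} {ip} {path} -> {status} ({verdict})")
```

Any hit marked as served means the usernames and password hashes in that file should be treated as disclosed.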