Lucene search
AttackerKBAKB:8E6C800C-0C6A-4B6C-B8EB-DE019475C34EHistoryMar 09, 2017 - 12:00 a.m.
CVE-2017-6528
2017-03-0900:00:00
attackerkb.com
13
EPSS
0.016
Percentile
87.6%
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
Recent assessments:
h00die at March 27, 2020 4:11pm UTC reported:
/home/dna/spool/.pfile is the database file for users. It is a tab delimited file, and by default passwords are kept in cleartext. An option is available to hash the passwords (MD5 I believe), however it is not the default. The configuration we found in live tested included several admin accounts for the software developer. No patch was available or would be created when the developer was notified.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
Related
prion
prion
Design/Logic Flaw
2017-03-09 19:59:00
nvd
nvd
CVE-2017-6528
2017-03-09 19:59:00
cvelist
cvelist
CVE-2017-6528
2017-03-09 19:00:00
cve
cve
CVE-2017-6528
2017-03-09 19:59:00
attackerkb
attackerkb
CVE-2017-6527
2017-03-09 00:00:00
packetstorm
packetstorm
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
2017-03-10 00:00:00
zdt
zdt
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities
2017-03-10 00:00:00
exploitpack
exploitpack
exploitdb
exploitdb
openvas
openvas
dnaLIMS Multiple Security Vulnerabilities
2017-03-13 00:00:00
seebug
seebug
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)
2017-04-10 00:00:00