Lucene search

[email protected]CVE-2004-2524

HistoryOct 25, 2005 - 4:00 a.m.

CVE-2004-2524

2005-10-2504:00:00

[email protected]

web.nvd.nist.gov

cve

security

vulnerability

plaintext credentials

remote attackers

whm autopilot

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

clogin.php in Benchmark Designs’ WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

Affected configurations

NVD

Node

whm_autopilotwhm_autopilotMatch2.4.5

CPENameOperatorVersion
whm_autopilot:whm_autopilotwhm autopiloteq2.4.5

CPE	Name	Operator	Version
whm_autopilot:whm_autopilot	whm autopilot	eq	2.4.5

References

archives.neohapsis.com/archives/fulldisclosure/2004-07/1310.html

secunia.com/advisories/12200

securitytracker.com/id?1010833

www.osvdb.org/8279

www.securityfocus.com/bid/10846

exchange.xforce.ibmcloud.com/vulnerabilities/16849

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2004-2524

cvelist1 nvd1