Kayako LiveResponse index.php Cleartext Password Disclosure

2005-07-30T05:10:46
ID OSVDB:18398
Type osvdb
Reporter James Bercegay
Modified 2005-07-30T05:10:46

Description

Vulnerability Description

Kayako LiveResponse contains a flaw that may lead to an unauthorized password exposure. The passwords are sent in plain text in the URL when logging into the application, which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Kayako LiveResponse contains a flaw that may lead to an unauthorized password exposure. The passwords are sent in plain text in the URL when logging into the application, which may lead to a loss of confidentiality.

Manual Testing Notes

http://[target]/index.php?_a=staffsession&_m=start&login=1&username=admin&password=james
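The weakness described above is that the login credentials travel in the GET query string, so they land in browser history, proxy logs and the web server's own access log. A defender can detect this class of exposure by scanning access logs for requests whose query string carries a credential-named parameter, and can redact such values before logs are retained. The following Python script is an added example written for this page; it is not Kayako's code and not part of the original advisory. The log lines, IP addresses and parameter values it processes are constructed sample data, and the list of sensitive parameter names is an assumption chosen for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample lines in Apache "combined" log format; not real traffic.
# The first and third requests carry a credential in the query string, the
# second (a POST with the credential in the body) does not.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Jul/2005:05:10:46 +0000] "GET /index.php?_a=staffsession&_m=start&login=1&username=admin&password=secret HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [30/Jul/2005:05:11:02 +0000] "POST /index.php?_a=staffsession&_m=start HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Jul/2005:05:12:10 +0000] "GET /index.php?_a=tickets&pwd=hunter2 HTTP/1.1" 200 2048 "-" "curl/7.40"
"""

# Assumed list of parameter names that should never appear in a URL.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token"}

# Matches the client IP, timestamp, method and request target of a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def find_credentials_in_query(line):
    """Return a finding dict if the request's query string names a sensitive
    parameter, otherwise None. The secret value itself is never copied out."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    parts = urlsplit(target)
    hits = {
        name for name, _ in parse_qsl(parts.query, keep_blank_values=True)
        if name.lower() in SENSITIVE_PARAMS
    }
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "method": m.group("method"),
        "path": parts.path,
        "params": sorted(hits),
    }

def scan_log(text):
    """Scan every line of an access log and collect the findings."""
    findings = []
    for line in text.splitlines():
        finding = find_credentials_in_query(line)
        if finding:
            findings.append(finding)
    return findings

def redact_sensitive(target):
    """Rewrite a request target so sensitive query values read REDACTED,
    suitable for a log pipeline that must not retain cleartext credentials."""
    parts = urlsplit(target)
    if not parts.query:
        return target
    pairs = [
        (k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['ip']} {f['method']} {f['path']} "
              f"exposes {', '.join(f['params'])} in the query string")
```

Running the script against the sample data reports the two GET requests and stays silent on the POST, which is the shape a fixed login form would produce: credentials in the request body over TLS rather than in the URL. The redaction helper is meant to sit in front of log storage so that an exposure of this kind does not persist in retained logs.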

References:

Vendor URL: http://www.kayako.com/
Secunia Advisory ID: 16286
Related OSVDB ID: 18397
Related OSVDB ID: 18399
Related OSVDB ID: 18395
Related OSVDB ID: 18396
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00092-07302005
Nessus Plugin ID: 19335
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0516.html
CVE-2005-2462
Bugtraq ID: 14425