aeNovo Cleartext Password Storage

2005-10-07T11:22:24
ID OSVDB:19939
Type osvdb
Reporter DevilBox(devil_box@kapda.ir), Farhad Koosha(farhadkey@kapda.ir)
Modified 2005-10-07T11:22:24

Description

Vulnerability Description

aeNovo contains a flaw that may lead to an unauthorized password exposure. The problem is that the application stores cleartext passwords in the 'control', 'content', and 'pages' tables, which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

aeNovo contains a flaw that may lead to an unauthorized password exposure. The problem is that the application stores cleartext passwords in the 'control', 'content', and 'pages' tables, which may lead to a loss of confidentiality.

References:

Vendor URL: http://www.aenovo.co.uk/ Secunia Advisory ID:17117 Related OSVDB ID: 19936 Related OSVDB ID: 19937 Related OSVDB ID: 19938 Other Advisory URL: http://www.kapda.ir/advisory-78.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0080.html Keyword: KAPDA::#3 ISS X-Force ID: 22549 CVE-2005-3209