Campsite notifyendsubs Cleartext MySQL Password Disclosure

2005-11-10T04:17:36
ID OSVDB:20698
Type osvdb
Reporter OSVDB
Modified 2005-11-10T04:17:36

Description

Vulnerability Description

Campsite contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to mysql root password by sniffing outgoing emails sent by notifyendsubs, which may lead to a loss of confidentiality.

Solution Description

Upgrade to version 2.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Campsite contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to mysql root password by sniffing outgoing emails sent by notifyendsubs, which may lead to a loss of confidentiality.

References:

Vendor URL: http://campsite.campware.org/ Vendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/ticket/1497 Vendor Specific News/Changelog Entry: http://code.campware.org/projects/campsite/file/tags/CAMPSITE_2_3_3/campsite/ChangeLog Secunia Advisory ID:17528 ISS X-Force ID: 23106 CVE-2005-4661