TinyPHPForum /users/ Directory User Information Disclosure

2006-01-05T14:18:17
ID OSVDB:22257
Type osvdb
Reporter Aliaksandr Hartsuyeu(alex@evuln.com)
Modified 2006-01-05T14:18:17

Description

Vulnerability Description

TinyPHPForum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a URL requesting confidential user information from the /users/ directory occurs, which will disclose their password hash and other information, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

TinyPHPForum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a URL requesting confidential user information from the /users/ directory occurs, which will disclose their password hash and other information, resulting in a loss of confidentiality.

References:

Vendor URL: http://www.ralpharama.co.uk/tpf/ Security Tracker: 1015436 Secunia Advisory ID:18293 Related OSVDB ID: 22256 Related OSVDB ID: 22258 Other Advisory URL: http://www.evuln.com/vulns/14/summary.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0341.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0065.html Keyword: EV0014 FrSIRT Advisory: ADV-2006-0054 CVE-2006-0103 Bugtraq ID: 16163