RCBlog data Directory Direct Access User Account Information Disclosure

2006-01-19T08:02:34
ID OSVDB:22679
Type osvdb
Reporter Aliaksandr Hartsuyeu (alex@evuln.com)
Modified 2006-01-19T08:02:34

Description

Vulnerability Description

RCBlog contains a flaw that may lead to unauthorized information disclosure, including password exposure. The issue is triggered by a direct request for files in the /config/ or /data/ directories, which may disclose sensitive information including encrypted passwords, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.fluffington.com/
Security Tracker: 1015523
Secunia Advisory ID: 18547
Related OSVDB ID: 22681
Related OSVDB ID: 22680
Other Advisory URL: http://evuln.com/vulns/42/summary.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0370.html
Keyword: EV0042
CVE-2006-0370