Hosting Controller forum.mdb Remote User Credential Disclosure
Published: 2006-04-07T05:17:41
ID: OSVDB:24447
Type: osvdb
Reporter: Syst3m_f4ult()
Modified: 2006-04-07T05:17:41
Description
Vulnerability Description
Hosting Controller contains a flaw that may lead to an unauthorized information disclosure. The issue is caused by user credentials being stored in the "forum/db/forum.mdb" database file inside the web root, which discloses the administrator's username and password, resulting in a loss of confidentiality.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Manual Testing Notes
http://[target]/forum/db/forum.mdb
References
Vendor URL: http://hostingcontroller.com/
Secunia Advisory ID: 19569 (https://secuniaresearch.flexerasoftware.com/advisories/19569/)
FrSIRT Advisory: ADV-2006-1268
CVE-2006-1764 (https://vulners.com/cve/CVE-2006-1764)
CVSS
Score: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N (CVSS 2.0; access vector NETWORK, access complexity LOW, authentication NONE, confidentiality impact COMPLETE, integrity impact NONE, availability impact NONE)
Affected Software
Hosting Controller 6.1
Related CVE
CVE-2006-1764 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1764)
Published: 2006-04-13T01:06:00
Modified: 2011-03-08T02:33:00
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CWE: NVD-CWE-Other
Severity: HIGH (base score 7.8, exploitability score 10.0, impact score 6.9)
Versions listed by NVD (cpe:/a:hosting_controller:hosting_controller:<version>): 1.1, 1.3, 1.4, 1.4b, 1.4.1, 2002, 2002_rc_1, 6.1, 6.1_hotfix_1.4, 6.1_hotfix_1.7, 6.1_hotfix_1.9, 6.1_hotfix_2.0, 6.1_hotfix_2.1, 6.1_hotfix_2.3, 6.1_hotfix_2.8, 6.1_hotfix_2.9