ASPapp Products Password Exposure

2003-12-18T00:00:00
ID OSVDB:3129
Type osvdb
Reporter OSVDB
Modified 2003-12-18T00:00:00

Description

Vulnerability Description

IntranetApp, PortalApp and ProjectApp contain a flaw that may lead to unauthorized password exposure. Plaintext passwords can be obtained via XSS cookie theft, as well as by viewing the HTML source of a user profile, which may lead to a loss of confidentiality, integrity and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor has committed to releasing a patch.

References:

Vendor URL: http://www.aspapp.com/apps/default.asp

Secunia Advisory ID: 10465

Generic Informational URL: http://www.gulftech.org/12182003.php