Regulus stafffile Password File Disclosure

2004-09-07T05:12:56
ID OSVDB:9925
Type osvdb
Reporter (masud_libra@hotmail.com)
Modified 2004-09-07T05:12:56

Description

Vulnerability Description

Regulus contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker submits a specially crafted URL, which discloses the users and their encrypted passwords, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/base-dir/access/stafffile

References:

Vendor URL: http://www.regulus.safe.ca/
Secunia Advisory ID: 12513
Related OSVDB ID: 9926
Related OSVDB ID: 9821
Other Advisory URL: http://www.aosp.net/regulus.ppt
Other Advisory URL: http://www.aosp.net/regulus.htm
Bugtraq ID: 11133