Improper access control

2009-03-0606:50:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.2%

JSON

Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.

CPENameOperatorVersion
kippereq2.01

CPE	Name	Operator	Version
	kipper	eq	2.01

References

secunia.com/advisories/33832

www.exploit-db.com/exploits/7993