PCCS-Mysql User/Password Exposure

high Nessus Plugin ID 10783

Synopsis

Sensitive data may be read on the remote host.

Description

It is possible to read dbconnect.inc, the include file of PCCS-Mysql, on the remote server.

This include file contains information such as the username and password used to connect to the database.

Solution

Versions 1.2.5 and later are not vulnerable to this issue. A workaround is to restrict access to the .inc file.

Plugin Details

Severity: High

ID: 10783

File Name: pccsmysqladm.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 10/16/2001

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/4/2000

Reference Information

CVE: CVE-2000-0707

BID: 1557