Detections
Analytics

Fedora Directory Server Crafted IFRAME adm.conf Admin Server Password Disclosure

medium Nessus Plugin ID 20952

Language:

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote host appears to be running Fedora Directory Server, a directory server implementation for Fedora Core.

The Administration Server, which is used to manage Fedora DS, allows an unauthenticated attacker to retrieve the admin password hash through a simple GET request.

Solution

Upgrade to Fedora Directory Server 1.0.1 or later.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=174837

http://directory.fedora.redhat.com/wiki/FDS10Announcement

Plugin Details

Severity: Medium

ID: 20952

File Name: fedora_ds_pass_disclosure.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 2/21/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/2/2005

Reference Information

CVE: CVE-2005-3630

BID: 16729