icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Fedora DS Administration Server < 1.0.1 Information Disclosure

Medium

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The remote host appears to be running Fedora Directory Server, a directory server implementation for Fedora Core. The Administration Server, which is used to manage Fedora DS, allows an unauthenticated attacker to retrieve the admin password hash through a simple GET request.

Solution

Upgrade to version 1.0.1 or higher.