CVE-2005-1055

high

Description

TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20039

http://www.osvdb.org/15425

http://securitytracker.com/id?1013675

http://secunia.com/advisories/14884

http://marc.info/?l=bugtraq&m=111323802003019&w=2

Details

Source: Mitre, NVD

Published: 2005-04-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01075