EZsite Forum Discloses Passwords to Remote Users

medium Nessus Plugin ID 11833

Synopsis

Credentials may be exposed by the remote web application.

Description

The remote host is running EZsite Forum.

It is reported that this software stores usernames and passwords in plaintext form in the 'Database/EZsiteForum.mdb' file. A remote user can reportedly download this database.

Solution

No solution was available at the time. Configure your web server to disallow the download of .mdb files.
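
One way to apply this mitigation, as an added example that is not part of the plugin or any vendor guidance. It assumes the forum is served by IIS 7 or later with the Request Filtering module installed (the page does not name the web server) and that the file sits at the site root as `web.config`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: assumes IIS 7+ with Request Filtering installed. -->
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <fileExtensions>
          <!-- Remove first so an entry inherited from a parent
               configuration does not raise a duplicate-entry error. -->
          <remove fileExtension=".mdb" />
          <!-- Reject any request whose URL ends in .mdb (HTTP 404.7). -->
          <add fileExtension=".mdb" allowed="false" />
        </fileExtensions>
        <hiddenSegments>
          <!-- Reject any URL containing a "Database" path segment
               (HTTP 404.8), covering 'Database/EZsiteForum.mdb'
               even if the file is later renamed. -->
          <add segment="Database" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

Request filtering applies only to HTTP requests, so the application can still open the database from disk. After deploying, a request for 'Database/EZsiteForum.mdb' should return a 404 rather than the file.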

Plugin Details

Severity: Medium

ID: 11833

File Name: EZsiteForum.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 9/4/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning