Adobe Contribute Publishing Server Administrator Password Local Disclosure

low Nessus Plugin ID 22540

Synopsis

The remote Windows host contains an application that is affected by an information disclosure vulnerability.

Description

Adobe Contribute Publishing Server, a web publishing management application, is installed on the remote Windows host.

The version of Contribute Publishing Server on the remote host logged a copy of the password specified for the administrator as part of the installation process. A local user may be able to leverage this flaw to gain administrative access to the affected application and potentially other resources.

Solution

Change the application's administrator password and remove the installation log as described in the vendor advisory referenced above.

See Also

https://www.adobe.com/support/security/bulletins/apsb06-15.html

Plugin Details

Severity: Low

ID: 22540

File Name: adobe_cps_password_disclosure.nasl

Version: 1.24

Type: local

Agent: windows

Family: Windows

Published: 10/11/2006

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:adobe:contribute

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/10/2006

Vulnerability Publication Date: 10/10/2006

Reference Information

CVE: CVE-2006-5199

BID: 20439