FreeBSD : ikiwiki -- cleartext passwords (90db9983-2f53-11dd-a0d8-0016d325a0ed)

high Nessus Plugin ID 32489

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The ikiwiki development team reports :

Until version 2.48, ikiwiki stored passwords in cleartext in the userdb. That risks exposing all users' passwords if the file is somehow exposed. To pre-emtively guard against that, current versions of ikiwiki store password hashes (using Eksblowfish).

Solution

Update the affected package.

See Also

http://ikiwiki.info/security/#index32h2

http://www.nessus.org/u?63f1696c

Plugin Details

Severity: High

ID: 32489

File Name: freebsd_pkg_90db99832f5311dda0d80016d325a0ed.nasl

Version: 1.12

Type: local

Published: 6/2/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ikiwiki, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/1/2008

Vulnerability Publication Date: 5/30/2008