Adobe Contribute Publishing Server Administrator Password Local Disclosure

Low Nessus Plugin ID 22540


The remote Windows host contains an application that is affected by an information disclosure vulnerability.


Adobe Contribute Publishing Server, a web publishing management application, is installed on the remote Windows host.

The version of Contribute Publishing Server on the remote host logged a copy of the password specified for the administrator as part of the installation process. A local user may be able to leverage this flaw to gain administrative access to the affected application and potentially other resources.


Change the application's administrator password and remove the installation log as described in the vendor advisory referenced above.

See Also

Plugin Details

Severity: Low

ID: 22540

File Name: adobe_cps_password_disclosure.nasl

Version: $Revision: 1.22 $

Type: local

Agent: windows

Family: Windows

Published: 2006/10/11

Modified: 2015/09/24

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:W/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:contribute

Required KB Items: SMB/Registry/Enumerated, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 2006/10/10

Vulnerability Publication Date: 2006/10/10

Reference Information

CVE: CVE-2006-5199

BID: 20439

OSVDB: 29672