op5 Monitor Credential Leak
Medium Nessus Plugin ID 57579
Synopsis
A PHP application hosted on the remote web server discloses credentials in error messages.
Description
The version of op5 Monitor hosted on the remote web server contains an information disclosure vulnerability. In the default configuration, detailed error messages are enabled. An authenticated user, upon triggering an error, will be presented with sensitive data including database credentials, the current user's hashed password, and SQL statements.
Note that the versions affected by this vulnerability are also affected by CVE-2012-0264, which is an improper session handling vulnerability.
Solution
Upgrade op5 Monitor to version 5.5.0 or later.