CVE-2008-4165 | Date: (C)2008-09-22 (M)2023-12-22 |
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the referer string.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 4.0 |
Exploit Score: 8.0 |
Impact Score: 2.9 |
|
CVSS V2 Metrics: |
Access Vector: NETWORK |
Access Complexity: LOW |
Authentication: SINGLE |
Confidentiality: PARTIAL |
Integrity: NONE |
Availability: NONE |
| |