[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-0436Date: (C)2011-03-07   (M)2023-12-22


The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-43523
ADV-2011-0556
DSA-2179
http://www.gplhost.sg/lists/dtcannounce/msg00025.html
http://openwall.com/lists/oss-security/2011/02/22/1
dtc-passwords-info-disc(65898)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog

CWE    1
CWE-310
OVAL    1
oval:org.secpod.oval:def:600182

© SecPod Technologies