Nessus Plugin #14293
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
PhpGroupWare plaintext cookie authentication credentials vulnerability
- Family:
- CGI abuses
- Category:
- attack
- Copyright:
- This script is Copyright (C) 2004 David Maciejak
- Summary:
- Checks for PhpGroupWare version
- Version:
- $Revision: 1.6 $
- Cve_id:
- -
- Bugtraq_id:
- 10895
- Xrefs:
- -
- Description:
The remote host seems to be running PhpGroupWare.
PhpGroupWare is a multi-user groupware suite written in PHP.
This version is reported to contain a plaintext cookie authentication
credentials information disclosure vulnerability. If the web
administration of PHPGroupWare is not conducted over an encrypted link,
an attacker with the ability to sniff network traffic could easily
retrieve these passwords. This may aid the attacker in further system
compromise.
Solution : Update to version 0.9.16.002 or newer
See also: http://www.phpgroupware.org/
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.