CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
References
Link | Resource |
---|---|
http://online.securityfocus.com/archive/1/274727 | |
http://www.iss.net/security_center/static/9223.php | Patch Vendor Advisory |
http://www.securityfocus.com/bid/4889 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-08-31T04:00:00
Updated: 2002-09-10T09:00:00
Reserved: 2002-08-16T00:00:00
Link: CVE-2002-0920
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-10-04T04:00:00.000
Modified: 2008-09-10T19:13:11.197
Link: CVE-2002-0920
JSON object: View
Redhat Information
No data.
CWE