Vulnerability Name: | CVE-2002-0920 (CCN-9223) | ||||||||
Assigned: | 2002-05-29 | ||||||||
Published: | 2002-05-29 | ||||||||
Updated: | 2008-09-10 | ||||||||
Summary: | CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. | ||||||||
CVSS v3 Severity: | 4.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed May 29 2002 - 17:16:28 CDT CGIscript.net - csPassword.cgi - Multiple Vulnerabilities Source: MITRE Type: CNA CVE-2002-0920 Source: BUGTRAQ Type: UNKNOWN 20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities Source: CCN Type: CGIScript.net Web site CGI Script.net - Contact Us Source: XF Type: Patch, Vendor Advisory cgiscript-cspassword-tmpfile-access(9223) Source: CCN Type: OSVDB ID: 14501 CGIScript.net csPassword.cgi password.cgi.tmp Cleartext Authentication Credential Disclosure Source: BID Type: UNKNOWN 4889 Source: CCN Type: BID-4889 CGIScript.net csPassword.CGI Password.CGI.TMP File Disclosure Vulnerability Source: XF Type: UNKNOWN cgiscript-cspassword-tmpfile-access(9223) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |