CVSTrac Database Plaintext Password Storage Network Vulnerability

Summary

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to *.db files that may allow an attacker to gain access to plaintext passwords. ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of CVSTrac ***** installed there.

Solution

Update to version 1.1.4 or disable this CGI suite

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

AdPeeps 'index.php' Multiple Vulnerabilities.
4psa Voipnow Local File Inclusion Vulnerability
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Adobe ColdFusion Information Disclosure Vulnerability

CVSTrac database plaintext password storage

Take action and discover your vulnerabilities