LiveZilla Password Disclosure Vulnerability Network Vulnerability

Summary

The host is installed with LiveZilla and is prone to password disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain sensitive information from the application, such as logged-in user credentials, which may aid in further attacks. Impact Level: Application

Solution

Upgrade to LiveZilla 5.1.2.1 or later, For updates refer to http://livezilla.net

Insight

LiveZilla contains a flaw that is due to the application storing credential information in plaintext. This will allow an attacker to gain access to username and password information.

Affected

LiveZilla version 5.1.2.0

Detection

Send a crafted data via HTTP GET request and check whether it is able read the password or not.

References

http://osvdb.org/101120
http://packetstormsecurity.com/files/124444
http://seclists.org/bugtraq/2013/Dec/74

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-7033

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Apache Rave User Information Disclosure Vulnerability
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities

Take action and discover your vulnerabilities