PhpGroupWare Plaintext Cookie Authentication Credentials Vulnerability Network Vulnerability

Summary

The remote host seems to be running PhpGroupWare. PhpGroupWare is a multi-user groupware suite written in PHP. This version is reported to contain a plaintext cookie authentication credentials information disclosure vulnerability. If the web administration of PHPGroupWare is not conducted over an encrypted link, an attacker with the ability to sniff network traffic could easily retrieve these passwords. This may aid the attacker in further system compromise.

Solution

Update to version 0.9.16.002 or newer

References

http://www.phpgroupware.org/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-2578

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat Information Disclosure Vulnerability
Apache Rave User Information Disclosure Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
Apache Solr Directory Traversal Vulnerability Jan-14

PhpGroupWare plaintext cookie authentication credentials vulnerability

Take action and discover your vulnerabilities