Advertisement






Invision Power Board Plaintext Password Disclosure Vuln

CVE Category Price Severity
CWE-200 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2007-10-23
CPE
cpe:cpe:/a:invision_power_services:invision_power_board
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2007100097

Below is a copy:

Invision Power Board Plaintext Password Disclosure Vuln

-------------------------------------------------------

Version: All?

Problem: Invision Power Board gives an admin the option

to create a pass protected forum. The problem with this

is that the password is then stored in the cookie fully

readable as it is shown in plaintext.

Credits: All credit goes to JeiAr of GulfTech Computers



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.