Family: CGI abuses --> Category: infos
Comersus Cart Customer Database Disclosure Vulnerability Scan
Vulnerability Scan Summary: Checks for customer database vulnerability in Comersus Cart
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP application that is prone to an
information disclosure vulnerability.
Description :
The remote host appears to be running Comersus Cart, an ASP shopping
cart application.
The version of Comersus Cart installed on the remote host fails to
restrict access to its customer database, which contains order
information, passwords, credit card numbers, etc. Further, the data
in all likelihood can be decrypted trivially since the application
reportedly uses the same default password for each version of the
application to encrypt and decrypt data.
See also :
http://www.morx.org/comersus.txt
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)