|
|
Family: CGI abuses --> Category: attack
PhpGroupWare plaintext cookie authentication credentials vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for PhpGroupWare version
Detailed Explanation for this Vulnerability Test
The remote host seems to be running PhpGroupWare.
PhpGroupWare is a multi-user groupware suite written in PHP.
This version is reported to contain a plaintext cookie authentication
credentials information disclosure vulnerability. If the web
administration of PHPGroupWare is not conducted over an encrypted link,
a possible hacker with the ability to sniff network traffic could easily
retrieve these passwords. This may aid the attacker in further system
compromise.
Solution : Update to version 0.9.16.002 or newer
See also: http://www.phpgroupware.org/
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
