|
Family: CGI abuses --> Category: attack
Forum51/Board51/News51 Users Disclosure Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of user.idx
Detailed Explanation for this Vulnerability Test
It is possible to retrieve the list of users of the remote Forum51/Board51/News51
forum, as well as the MD5 hash for their password, by requesting the file
/forumdata/data/user.idx, /boarddata/data/user.idx, /newsdata/data/user.idx
Solution : Prevent users from accessing this directory
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|