Positive Software H-Sphere Winbox 2.4 - Sensitive Logfile Content Disclosure
| EKU-ID: 30975 | CVE: CVE-2005-1606;OSVDB-16239 | OSVDB-ID: |
| Author: Morning Wood | Published: 2005-05-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30975 | CVE: CVE-2005-1606;OSVDB-16239 | OSVDB-ID: |
| Author: Morning Wood | Published: 2005-05-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/13559/info It is reported that Positive Software H-Sphere Winbox stores user account information in a plaintext format inside of application log files. As a result, user credentials could be exposed to other local users who have permissions to access the log files. C:\HSphere.NET\log\action.log C:\HSphere.NET\log\resources.log