VID |
21942 |
Severity |
40 |
Port |
8987, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The Sawmill program discloses the contents of Sawmill's password file. Sawmill is a site statistics package for Unix, Windows and Mac OS. Sawmill version 5.0.21 could allow a remote attacker to read the contents of Sawmill's password file, caused by a weak encryption algorithm in Sawmill's hash function. A remote attacker could use this password to gain Sawmill administrative capabilities.
* References: http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html, http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
* Platforms Affected: Flowerfire, Sawmill version 5.0.21; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of Sawmill (5.0.22 or later), available from the Sawmill Download Web site at http://www.sawmill.net/us_downloads.html |
Related URL |
CVE-2000-0589 (CVE) |
Related URL |
1403 (SecurityFocus) |
Related URL |
(ISS) |
|