header-logo
Suggest Exploit
vendor:
MySimpleNews
by:
SecurityFocus
7.5
CVSS
HIGH
Password in Clear Text
259
CWE
Product Name: MySimpleNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

MySimpleNews Stores Administrative Password in Clear Text

MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password.

Mitigation:

Ensure that passwords are stored in an encrypted format and not in plain text.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5866/info

MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file.

Any remote user can view the contents of the HTML file to determine the administrator password.

The administrator password can be found in the HTML code for admin.html below:
moncode = prompt('MySimpleNews - Administration','');
if (moncode != "[ADMINPASSWORD]")
{
location.href="about:Erreur 403";
}

Navigation

Suggest Exploit

Services By CQR