vendor:
Password Wizard
by:
THR
7.5
CVSS
HIGH
Authentication Credentials Disclosure
200
CWE
Product Name: Password Wizard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Exploit for Coffee Cup Password Wizard
A vulnerability exists in Password Wizard configured to generate Java applets to password protect pages. Specifically, the authentication credentials are stored in the HTML code. The credentials may be encrypted using an algorithm that can be cracked by an attacker. An attacker can simply view the HTML source code to obtain authentication credentials.
Mitigation:
Ensure that authentication credentials are not stored in the HTML code.
