header-logo
Suggest Exploit
vendor:
Regulus
by:
Unknown
5.5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Regulus
Affected Version From: All versions of SAFE TEAM Regulus
Affected Version To: All versions
Patch Exists: No
Related CWE:
CPE: SAFE TEAM Regulus
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Information Disclosure Vulnerability in Regulus

Regulus is prone to an information disclosure vulnerability where a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. An attacker can obtain this data and use it for further attacks.

Mitigation:

It is recommended to apply the latest security patches and updates to the Regulus software. Additionally, users should avoid using weak passwords and should change their passwords regularly.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11133/info

Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. 

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

This vulnerability is reported to affect all versions of SAFE TEAM Regulus.

http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password

Where '<name>' is the target username.

Navigation

Suggest Exploit

Services By CQR