header-logo
Suggest Exploit
vendor:
CuteCast
by:
SecurityFocus
7.5
CVSS
HIGH
Plaintext Credentials Storage
522
CWE
Product Name: CuteCast
Affected Version From: 2000.9.2
Affected Version To: 2000.9.2
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: o:cuteftp:cutecast
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Plaintext Credentials Storage

CuteCast is a web-based streaming media server application. It has been reported that the default configuration of CuteCast is insecure, as it stores user information in a publicly accessible directory. This includes plaintext credentials, which can be accessed via the URL http://www.example.com/cgi-bin/cutecast/members/<username>.user.

Mitigation:

Users should ensure that CuteCast is configured to store user information in a secure location.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6127/info

It has been reported that the default configuration of CuteCast is insecure. According to the report, CuteCast stores user information in a publicly accessible directory. This includes plaintext credentials. 

http://www.example.com/cgi-bin/cutecast/members/<username>.user

Navigation

Suggest Exploit

Services By CQR