Info

Disclosure

Nov 26, 2003

Discovery

Unknown

Dates

Exploit

Nov 26, 2003

Solution

Unknown

Description

Local unprivileged users can access the RNN Guestbook gbpass.pl file if set up according to the RNN software recommendations. Access to this file allows an attacker go read the Guestbook administrative password in plaintext.

Classification

Unknown or Incomplete

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by disabling all access to the guestbook scripts until a patch or upgrade is made available.

Products

RNN

Guestbook

1.2

References

Secunia Advisory ID: 10306
ISS X-Force ID: 13864
Bugtraq ID: 9116
Generic Informational URL: http://packetstormsecurity.nl/0311-exploits/rnnguest12.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/2915