[32674] in bugtraq


Plaintext Vulnerability in Alan Ward Acart

daemon@ATHENA.MIT.EDU (parag0d@phreaker.net)
Thu Dec 4 12:04:39 2003

Date: 4 Dec 2003 06:08:08 -0000
Message-ID: <20031204060808.23073.qmail@sf-www2-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <parag0d@phreaker.net>
To: bugtraq@securityfocus.com



Vulnerability:	Plaintext Vulnerability

Description:	All of the data in this database is stored in plain text (not encrypted), including usernames, passwords, credit card numbers, addresses, etc.  Many times the database is placed into a web-accessible folder (by default).

Exploit:	None Required

Solution:	The developer needs to implement some type of encryption standard in order to protect the data stored in the database.  

Credit:	CyberArmy Application and Code Auditing Team
	Parag0d


The developer was contacted about this matter, but never gave any response.
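
A defender-side check for the condition described above, as an added example that is not part of the original post or of Acart: it walks a web root, picks files with data-file extensions, and counts Luhn-valid card-number candidates readable as plain ASCII. The extension list, the function names and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed data-file extensions; the post does not name the database format.
DB_EXTENSIONS = {".mdb", ".db", ".sqlite", ".csv", ".dat"}
# 13 to 19 ASCII digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """True when the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_cleartext_pans(path: str) -> int:
    """Count Luhn-valid card-number candidates readable as plain ASCII in a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    candidates = (re.sub(rb"[ -]", b"", m.group()).decode() for m in PAN_RE.finditer(data))
    return sum(1 for digits in candidates if luhn_ok(digits))

def audit_web_root(web_root: str) -> dict:
    """Map each data file under web_root (relative path) to its cleartext hit count."""
    findings = {}
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS:
                full = os.path.join(folder, name)
                hits = count_cleartext_pans(full)
                if hits:
                    findings[os.path.relpath(full, web_root)] = hits
    return findings

def demo() -> dict:
    """Build a constructed web root (test card number, not real data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "shop", "data"))
        with open(os.path.join(root, "shop", "data", "orders.dat"), "wb") as fh:
            fh.write(b"alice\x00hunter2\x004111 1111 1111 1111\x00order 1234567890123\n")
        with open(os.path.join(root, "index.html"), "wb") as fh:
            fh.write(b"<p>4111111111111111</p>")  # skipped: not a data-file extension
        return audit_web_root(root)

if __name__ == "__main__":
    print(demo())
```

The scan only sees digits stored as single-byte ASCII, so a file format that stores text in a wider encoding needs its own reader. A hit on any file under the web root means the data should be moved out of the served tree and encrypted at rest, as the Solution line asks.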
