CVE-2008-1567
MEDIUM severity · CVSS 5.5 · CWE-312
Summary
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Impact & exploitability
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality impact: High
Integrity impact: None
Availability impact: None
Exploit probability (EPSS): 0%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/29588 (Advisory)
- http://secunia.com/advisories/29613 (Advisory)
- http://secunia.com/advisories/29964 (Advisory)
- http://secunia.com/advisories/30816 (Advisory)
- http://secunia.com/advisories/32834 (Advisory)
- http://secunia.com/advisories/33822 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html