Plaintext Vulnerability in Alan Ward Acart

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Plaintext Vulnerability in Alan Ward Acart
From: <parag0d@xxxxxxxxxxxx>
Date: 4 Dec 2003 06:08:08 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Vulnerability:  Plaintext Vulnerability

Description:    All of the data in this database is stored in plain text (not 
encrypted), including usernames, passwords, credit card numbers, addresses, 
etc.  Many times the database is placed into a web accessible folder (by 
default)

Exploit:        None Required

Solution:       The developer needs to implement some type of encryption 
standard in order to protect the data stored in the database.  

Credit: CyberArmy Application and Code Auditing Team
        Parag0d


The developer was contacted about this matter, but never gave any response

Prev by Date: rsync security advisory (fwd)
Next by Date: Re: Linksys WRT54G Denial of Service Vulnerability
Previous by thread: rsync security advisory (fwd)
Next by thread: TSLSA-2003-0048 - rsync
Index(es):
- Date
- Thread