SAFE TEAM Regulus 2.2 - 'Custchoice.php' Update Your Password Action Information Disclosure

EDB-ID:

24582

CVE:





Platform:

PHP

Date:

2004-09-07


source: https://www.securityfocus.com/bid/11133/info

Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page. 

An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.

This vulnerability is reported to affect all versions of SAFE TEAM Regulus.

http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password

Where '<name>' is the target username.