Sawmill Weak Password Encryption Scheme Information Disclosure

High severity (Nessus Plugin ID 10454)

Synopsis

An application running on the remote web server is affected by an information disclosure vulnerability.

Description

The version of Sawmill running on the remote web server is affected by an information disclosure vulnerability due to the use of a weak hash function. An unauthenticated, remote attacker can exploit this to obtain the administrative user password.

Solution

Upgrade Sawmill to the latest available version.

Plugin Details

Severity: High

ID: 10454

File Name: sawmill_password.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 6/27/2000

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:sawmill:sawmill

Required KB Items: installed_sw/Sawmill, Sawmill/method

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 10/13/2000

Vulnerability Publication Date: 6/26/2000

Reference Information

CVE: CVE-2000-0589

BID: 1403