[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Plaintext Vulnerability in Alan Ward Acart

To: bugtraq@securityfocus.com
Subject: Plaintext Vulnerability in Alan Ward Acart
From: <parag0d@phreaker.net>
Date: 4 Dec 2003 06:08:08 -0000


Vulnerability:  Plaintext Vulnerability

Description:    All of the data in this database is stored in plain text (not 
encrypted), including usernames, passwords, credit card numbers, addresses, 
etc.  Many times the database is placed into a web accessible folder (by 
default)

Exploit:        None Required

Solution:       The developer needs to implement some type of encryption 
standard in order to protect the data stored in the database.  

Credit: CyberArmy Application and Code Auditing Team
        Parag0d


The developer was contacted about this matter, but never gave any response

Prev by Date: XSS Vulnerabilities in Alan Ward Acart
Next by Date: [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
Previous by thread: XSS Vulnerabilities in Alan Ward Acart
Next by thread: [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)
Index(es):
- Date
- Thread