CVE-2008-6157
Published 2009-02-17
CVE-2008-6157: SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information.
Priority P343, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.96% (85.5th percentile)
CVSS provenance
nvd, v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd, v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
No writeups or analysis indexed.
CWE
CWE-311: Missing Encryption of Sensitive Data (mitre_cwe)
The product does not encrypt sensitive or critical information before storage or transmission.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhe
CWE
CWE-312: Cleartext Storage of Sensitive Information (mitre_cwe)
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. An attacker with access to the system could read sensitive information stored in cleartext (i.e., unencrypted). Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Detection Methods:
Automated Static Analysis: Automated static analysis, commonly referred to as Stat
References:
http://www.attrition.org/pipermail/vim/2009-February/002146.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/48822
https://www.exploit-db.com/exploits/7613
Published: 2009-02-17