11 lines
No EOL
612 B
Text
11 lines
No EOL
612 B
Text
source: https://www.securityfocus.com/bid/11133/info
|
|
|
|
Regulus is reported prone to an information disclosure vulnerability. It is reported that a specified user/customer password hash is contained in a hidden tag of the 'Update Your Password' action page.
|
|
|
|
An attacker may employ data that is obtained in this manner to aid in further attacks launched against the vulnerable software.
|
|
|
|
This vulnerability is reported to affect all versions of SAFE TEAM Regulus.
|
|
|
|
http://example.com/base-dir/htmlcust/custchoice.php?lang=English&userid=<name>&action=To update your password
|
|
|
|
Where '<name>' is the target username. |