Weblog Sensitive Information Disclosure in Note-A-Day

Summary

Vulnerability: Weblog Sensitive Information Disclosure in Note-A-Day
Discovered: 2006.01.20
Last Update: 0 n/a
ID: EV0044
CVE: CVE-2006-0404
Risk Level: medium
Type: Sensitive Information Disclosure
Status: Unpatched
Vendor: n/a
Vulnerable Software: Note-A-Day (http://noteaday.com/)
Version: 2.1
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A sensitive information disclosure vulnerability was found in the Note-A-Day (http://noteaday.com/) script.

The archive directory is not protected by htaccess in the default installation. This can be used to retrieve registered users' information, including encrypted passwords.

PoC/Exploit

Admin's encrypted password:

http://host/noteday/archive/.phpass-admin

Solution

A solution for "Weblog Sensitive Information Disclosure in Note-A-Day" is not available. Check the vendor's website for updates.
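
An added example, not part of the original advisory or of the Note-A-Day code: a Python check an administrator can run over a web root to find `archive` directories that hold `.phpass-*` files without a deny-all `.htaccess`. The `.phpass-<user>` naming pattern is an assumption inferred from the single file name in the advisory, and the sample tree (including the `blog` install) is constructed.

```python
import os
import re
import tempfile

# Directives that block all HTTP access (Apache 2.4 and 2.2 syntax).
# Commented-out lines do not match because '#' precedes the directive.
DENY_RE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$",
                     re.IGNORECASE | re.MULTILINE)

def htaccess_denies(directory):
    """True if directory/.htaccess contains a deny-all directive."""
    path = os.path.join(directory, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(DENY_RE.search(fh.read()))
    except OSError:
        return False  # missing or unreadable .htaccess counts as unprotected

def audit(docroot):
    """Return sorted (archive_dir, password_files) pairs left exposed."""
    findings = []
    for current, _dirs, files in os.walk(docroot):
        if os.path.basename(current) != "archive":
            continue
        # Assumed naming pattern: .phpass-<user>, as in the advisory's example.
        secrets = sorted(f for f in files if f.startswith(".phpass-"))
        if secrets and not htaccess_denies(current):
            findings.append((os.path.relpath(current, docroot), secrets))
    return sorted(findings)

def demo():
    """Constructed docroot: one unprotected install, one protected install."""
    root = tempfile.mkdtemp()
    for name, protect in (("noteday", False), ("blog", True)):
        arch = os.path.join(root, name, "archive")
        os.makedirs(arch)
        with open(os.path.join(arch, ".phpass-admin"), "w") as fh:
            fh.write("constructed-placeholder-hash\n")
        if protect:
            with open(os.path.join(arch, ".htaccess"), "w") as fh:
                fh.write("Require all denied\n")
    return audit(root)

if __name__ == "__main__":
    for directory, names in demo():
        print(f"EXPOSED {directory}: {', '.join(names)}")
```

The check reads only the archive directory's own `.htaccess`, and Apache honours that file only when the server configuration's `AllowOverride` permits it, so a directory reported as protected should still be confirmed against the running server.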