PHPPGAdmin存在明文密码存储漏洞发布时间:2002-01-28 更新时间:2002-01-28 严重程度:高 威胁程度:口令恢复 错误类型:设计错误 利用方式:服务器模式 BUGTRAQ ID:3944 受影响系统 phpPgAdmin phpPgAdmin 2.2详细描述 phpPgAdmin 是一款处理PostgreSQL管理任务提供WWW接口的工具。 数据库标准用户的认证信息存在在配置文件中,并且以明文方式进行存储,可以导致本地攻击者获得相关密码信息。 测试代码 见描述 解决方案 请尽快升级到V2.4版本以上: phpPgAdmin phpPgAdmin 2.2: phpPgAdmin Upgrade phpPgAdmin_2-4.tar.gz http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.tar.gz phpPgAdmin Upgrade phpPgAdmin_2-4.zip http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.zip phpPgAdmin phpPgAdmin 2.2.1pl1: phpPgAdmin Upgrade phpPgAdmin_2-4.tar.gz http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.tar.gz phpPgAdmin Upgrade phpPgAdmin_2-4.zip http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.zip phpPgAdmin phpPgAdmin 2.2.1: phpPgAdmin Upgrade phpPgAdmin_2-4.tar.gz http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.tar.gz phpPgAdmin Upgrade phpPgAdmin_2-4.zip http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.zip phpPgAdmin phpPgAdmin 2.3: phpPgAdmin Upgrade phpPgAdmin_2-4.tar.gz http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.tar.gz phpPgAdmin Upgrade phpPgAdmin_2-4.zip http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.zip phpPgAdmin phpPgAdmin 2.3.1: phpPgAdmin Upgrade phpPgAdmin_2-4.tar.gz http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.tar.gz phpPgAdmin Upgrade phpPgAdmin_2-4.zip http://prdownloads.sourceforge.net/phppgadmin/phpPgAdmin_2-4.zip 相关信息 相关主页:http://phppgadmin.sourceforge.net/?page=home |
