Back to search
CVE-2004-2524
Published: Oct 25, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
10846
vdb-entry
x_refsource_BID
whmautopilot-clogin-gain-access(16849)
vdb-entry
x_refsource_XF
8279
vdb-entry
x_refsource_OSVDB
12200
third-party-advisory
x_refsource_SECUNIA
1010833
vdb-entry
x_refsource_SECTRACK
20040802 Benchmark Designs' WHM Autopilot backdoor vulnerability to plain-text password.
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now