CVE-2008-1567

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html Mailing List
http://secunia.com/advisories/29588 Broken Link Vendor Advisory
http://secunia.com/advisories/29613 Broken Link Vendor Advisory
http://secunia.com/advisories/29964 Broken Link Vendor Advisory
http://secunia.com/advisories/30816 Broken Link Vendor Advisory
http://secunia.com/advisories/32834 Broken Link Vendor Advisory
http://secunia.com/advisories/33822 Broken Link Vendor Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 Issue Tracking Third Party Advisory
http://www.debian.org/security/2008/dsa-1557 Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 Broken Link
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 Patch Vendor Advisory
http://www.securityfocus.com/bid/28560 Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1037/references Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html Mailing List
http://secunia.com/advisories/29588 Broken Link Vendor Advisory
http://secunia.com/advisories/29613 Broken Link Vendor Advisory
http://secunia.com/advisories/29964 Broken Link Vendor Advisory
http://secunia.com/advisories/30816 Broken Link Vendor Advisory
http://secunia.com/advisories/32834 Broken Link Vendor Advisory
http://secunia.com/advisories/33822 Broken Link Vendor Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 Issue Tracking Third Party Advisory
http://www.debian.org/security/2008/dsa-1557 Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 Broken Link
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 Patch Vendor Advisory
http://www.securityfocus.com/bid/28560 Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1037/references Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html Mailing List
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
History

21 Nov 2024, 00:44

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html - Mailing List
References () http://secunia.com/advisories/29588 - Broken Link, Vendor Advisory () http://secunia.com/advisories/29588 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29613 - Broken Link, Vendor Advisory () http://secunia.com/advisories/29613 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/29964 - Broken Link, Vendor Advisory () http://secunia.com/advisories/29964 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/30816 - Broken Link, Vendor Advisory () http://secunia.com/advisories/30816 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/32834 - Broken Link, Vendor Advisory () http://secunia.com/advisories/32834 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/33822 - Broken Link, Vendor Advisory () http://secunia.com/advisories/33822 - Broken Link, Vendor Advisory
References () http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 - Issue Tracking, Third Party Advisory () http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 - Issue Tracking, Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1557 - Mailing List, Patch () http://www.debian.org/security/2008/dsa-1557 - Mailing List, Patch
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 - Broken Link
References () http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 - Patch, Vendor Advisory () http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/28560 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/28560 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/1037/references - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2008/1037/references - Broken Link, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 - Third Party Advisory, VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html - Mailing List () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html - Mailing List
References () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html - Mailing List () https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html - Mailing List

14 Feb 2024, 15:31

Type Values Removed Values Added
CPE cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*		 cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/29613 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29613 - Broken Link, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/28560 - Patch (BID) http://www.securityfocus.com/bid/28560 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/29964 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29964 - Broken Link, Vendor Advisory
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00031.html - Mailing List
References (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html - (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00080.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/33822 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/33822 - Broken Link, Vendor Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:131 - Broken Link
References (SECUNIA) http://secunia.com/advisories/29588 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/29588 - Broken Link, Vendor Advisory
References (MISC) http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 - (MISC) http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 - Issue Tracking, Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41541 - Third Party Advisory, VDB Entry
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/32834 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/32834 - Broken Link, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2008/1037/references - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2008/1037/references - Broken Link, Vendor Advisory
References (DEBIAN) http://www.debian.org/security/2008/dsa-1557 - Patch (DEBIAN) http://www.debian.org/security/2008/dsa-1557 - Mailing List, Patch
References (SECUNIA) http://secunia.com/advisories/30816 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/30816 - Broken Link, Vendor Advisory
CVSS v2 : 2.1
v3 : unknown 		v2 : 2.1
v3 : 5.5
CWE CWE-200 CWE-312
First Time Debian debian Linux
Debian
Fedoraproject fedora
Opensuse opensuse
Fedoraproject
Opensuse
Information

Published : 2008-03-31 22:44

Updated : 2024-11-21 00:44

NVD link : CVE-2008-1567

Mitre link : CVE-2008-1567

CVE.ORG link : CVE-2008-1567

JSON object : View

Products Affected

debian

  • debian_linux

fedoraproject

  • fedora

phpmyadmin

  • phpmyadmin

opensuse

  • opensuse
CWE
CWE-312

Cleartext Storage of Sensitive Information


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024