Allmanage Administrator Password Retrieval Vulnerability

Allmanage is a free suite of Perl scripts which allows numerous web sites to be maintained on a server under separate accounts. It stores the administrator's password in a file called "k", which resides in the same directory on the server as the scripts (allmanage.pl, allmanage_admin.pl, and a number of others). If a remote intruder has permission to read the file "k", he can then load allmanage_admin.pl and enter the management console with administrator privileges. Some of the features of this console include user account management, file manipulation, quotas, etc.
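
For administrators checking their own servers, the following is an added example (not part of the original advisory or of Allmanage) that lists every "k" file stored beside allmanage_admin.pl whose mode bits allow reading by group or other. The function name audit_allmanage_k and the idea of passing a web root as the argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local audit for the Allmanage password file "k".
# Assumption: the Allmanage scripts live somewhere under the directory
# given as the first argument (for example a cgi-bin tree).

# Print each file named "k" that (a) sits in the same directory as
# allmanage_admin.pl and (b) is readable by group or other.
# Returns 1 if at least one such file is found, 0 otherwise.
audit_allmanage_k() {
    hits=$(find "$1" -type f -name k \
        \( -perm -040 -o -perm -004 \) \
        -exec sh -c '[ -f "$(dirname "$1")/allmanage_admin.pl" ]' _ {} \; \
        -print 2>/dev/null)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Run the audit when a directory is supplied on the command line.
if [ "$#" -gt 0 ]; then
    audit_allmanage_k "$1"
fi
```

The check covers file-system permissions only; whether the web server will also return "k" over HTTP from the script directory depends on the server configuration and has to be verified separately.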


 

Copyright 2010, SecurityFocus