Allmanage Administrator Password Retrieval Vulnerability

Allmanage is a free suite of perl scripts which allows numerous web sites to be maintained on a server under separate accounts. It stores the administrator's password in a file called "k" which resides in the same directory on the server as the scripts (,, and a number of others). If the remote intruder has permissions to read the file "k", he can then load and enter the management console with administrator priviledges. Some of the features of this console include user account management, file manipulation, quotas, etc.


Privacy Statement
Copyright 2010, SecurityFocus