• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TowerBlog User Credential Exposure Weakness

TowerBlog is reported prone to a weakness that may allow remote attackers to disclose user credentials.

It is reported that user password hashes are stored in a file that resides in the Web root allowing arbitrary attackers to access and disclose the sensitive information.

An attacker may then carry out brute force attacks against the password hashes to ultimately disclose user credentials. This may lead to other attacks against the system and potentially allow the attacker to compromise an affected computer.

TowerBlog 0.6 is reported to be affected. Other versions may be affected as well.