Flowerfire Sawmill Weak Password Encryption Vulnerability

Flowerfire Sawmill Weak Password Encryption Vulnerability

Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill (bid = 1402) could allow an attacker to read the contents of sawmill's password file, then decrypt the password and gain Sawmill administrative capabilities.