• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPRank Administrator Password Plain Text Storage Vulnerability

phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.

It has been reported that phpRank does not safely store the administrator password in some circumstances. phpRank stores the administrative password in plain text on the server side when the password has been set. Additionally, once the administrator has accessed the web administration interface, and enabled the cookie storage of authentication credentials, the password is stored in plain text in the authentication cookie.