COWS CGI Online Worldweb Shopping Information Disclosure Vulnerability

COWS CGI Online Worldweb Shopping is a commercial shopping system which is written in Perl. COWS will run on most Linux and Unix variants as well as Microsoft Windows operating systems.

Some sensitive information is not encrypted by COWS. A local attacker could potentially view information about users of the shopping service (including personal information and plaintext authentication credentials).

Furthermore, this information is stored in world-readable files, as described in BugTraq ID 3922 "COWS CGI Online Worldweb Shopping Insecure File Permissions Vulnerability".


Privacy Statement
Copyright 2010, SecurityFocus