SHOUTcast 1.8.9 and previous versions allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nullsoft shoutcast server 1.8.9 |