phpMyAdmin prior to 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin |
||
debian debian linux 4.0 |
||
fedoraproject fedora 8 |
||
fedoraproject fedora 7 |
||
opensuse opensuse 10.2 |
||
opensuse opensuse 11.0 |
||
opensuse opensuse 10.3 |