OSVDB ID: 29672

Title: Adobe Contribute Publishing Server Installation Logfile Password Disclosure

Info

Disclosure

Oct 10, 2006

Discovery

Unknown

Dates

Exploit

Oct 10, 2006

Solution

Unknown

Description

Adobe Contribute Publishing Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain administrator access by accessing plaintext passwords that are stored in the "installvariables.properties" log file. This file is created during the installation process.

Classification

Location: Remote / Network Access
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well. As well to remove the file: Browse to the Contribute Publishing Server installation location and remove the installvariables.properties file from the 'UninstallerData' (Windows) or 'Uninstall Macromedia Contribute Publishing Server' directory.

Products

Adobe Systems Incorporated

Contribute Publishing Server

1.x

References

Security Tracker: 1017038
CVE ID: 2006-5199 (see also: NVD)
Bugtraq ID: 20439
Secunia Advisory ID: 22329
VUPEN Advisory: ADV-2006-4001
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb06-15.html

Credit

Seth Stein -

Direct URL: http://osvdb.org/29672