Flaw Found in H-Sphere, Patched
Thursday, 12 May 2005
Exploitlabs.com reported recently that a flaw had been discovered in the H-Sphere Web hosting automation solution.
When performing administration duties for domain management, H-Sphere writes domain information and the username and password of the administrator to a locally readable log file. According to the report, on Windows servers running H-Sphere, the default install does not restrict permissions on the folder that holds this log, allowing less privileged users to read account information. A hacker could learn the username and password and gain full access to an H-Sphere system. H-Sphere version 2.4.2 Patch 4 and H-Sphere version 2.4.3 RC 1 are vulnerable to the flaw. Positive Software (www.psoft.net), the developer of H-Sphere, was notified of the flaw and a patch was released. It can be found at psoft.net/misc/hsphere_winbox_security_update_passwd.html. This vulnerability was discovered and researched by Donnie Werner of Exploitlabs.
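One way an administrator could check a log folder for the permission problem described above (an added example, not code from the article, Exploitlabs or Positive Software). The folder path is a placeholder because the article does not name it, and the set of "broad" principals is an assumption about what counts as a less privileged user.

```powershell
# Added example: list Allow ACEs that let broad, low-privilege groups read a log folder
# and the files in it. $LogDir is a PLACEHOLDER; the article gives no path.
param(
    [string]$LogDir = 'C:\PLACEHOLDER\hsphere-logs'
)

# Well-known SIDs (locale-independent, unlike group names). Assumed set of broad principals.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# ReadData/ListDirectory (0x1), plus GENERIC_READ and GENERIC_ALL, which can appear
# unmapped in raw ACEs and are not named members of the FileSystemRights enum.
$ReadMask = 0x1 -bor 0x80000000 -bor 0x10000000

function Get-BroadReadAce {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Request SIDs so the comparison does not depend on translated account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $ReadMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (Test-Path -LiteralPath $LogDir) {
    # Check the folder itself and every file under it; an empty result means no broad read access.
    $targets = @($LogDir) + @(Get-ChildItem -LiteralPath $LogDir -Recurse -File |
                              ForEach-Object { $_.FullName })
    $targets | ForEach-Object { Get-BroadReadAce -Path $_ } | Format-Table -AutoSize
} else {
    Write-Warning "Log folder not found: $LogDir"
}
```

Rows marked `Inherited = True` point at a parent folder's ACL as the place to fix; any credentials already written to readable logs should be treated as exposed and rotated after patching.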
Last Updated (Monday, 14 April 2008)