CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Published: Apr 22, 2003
Updated: Apr 13, 2023
CVE: CVE-2002-1479
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
the_cacti_group / cacti	0.5	0.5.x
the_cacti_group / cacti	0.6.7	0.6.7.x
the_cacti_group / cacti	0.6.4	0.6.4.x
the_cacti_group / cacti	0.6.1	0.6.1.x
the_cacti_group / cacti	0.6	0.6.x
the_cacti_group / cacti	0.6.6	0.6.6.x
the_cacti_group / cacti	0.6.5	0.6.5.x
the_cacti_group / cacti	0.6.3	0.6.3.x
the_cacti_group / cacti	0.6.8	0.6.8.x
the_cacti_group / cacti	0.6.2	0.6.2.x

http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
http://www.iss.net/security_center/static/10049.php
http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
http://www.securityfocus.com/bid/5628

Vulnerability Database

289,697

CVE-2002-1479