CVE-2004-2578 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2004-2578

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2578
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpgroupware / phpgroupware	0.9.14.003	0.9.14.003.x
phpgroupware / phpgroupware	0.9.1	0.9.1.x
phpgroupware / phpgroupware	0.9.2	0.9.2.x
phpgroupware / phpgroupware	0.9.7	0.9.7.x
phpgroupware / phpgroupware	0.9.13	0.9.13.x
phpgroupware / phpgroupware	0.9.14.005	0.9.14.005.x
phpgroupware / phpgroupware	0.9.14.006	0.9.14.006.x
phpgroupware / phpgroupware	0.9.9	0.9.9.x
phpgroupware / phpgroupware	0.9.3	0.9.3.x
phpgroupware / phpgroupware	0.9.12	0.9.12.x
phpgroupware / phpgroupware	0.9.16.001	0.9.16.001.x
phpgroupware / phpgroupware	0.9.6	0.9.6.x
phpgroupware / phpgroupware	0.9.4	0.9.4.x
phpgroupware / phpgroupware	0.9.16.000	0.9.16.000.x
phpgroupware / phpgroupware	0.9.5	0.9.5.x
phpgroupware / phpgroupware	0.9.10	0.9.10.x
phpgroupware / phpgroupware	0.9.8	0.9.8.x
phpgroupware / phpgroupware	0.9.9_pl1	0.9.9_pl1.x
phpgroupware / phpgroupware	0.9.14.007	0.9.14.007.x