FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0436

This CVE name corresponds to:

Entered: 2011-08-13
Topic: dtc -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-0436
Phase: Assigned (20110112)

Description

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

References

Source Reference
MLIST [dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update
MLIST [oss-security] 20110222 CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=adffff7efb3687ff465ee0552a944dd3109f3cb0
CONFIRM http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=f8e3b2d7cc2da313addc05394568ab9599499285
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog
CONFIRM http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
DEBIAN DSA-2179
SECUNIA 43523
VUPEN ADV-2011-0556
XF dtc-passwords-info-disc(65898)