An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters, including passwords, into files in /tmp and set proper permissions only after writing the sensitive data. A local attacker who read the file at the right time could have disclosed the information. The affected code is _createUserdataConf in install/lib/class.FroxlorInstall.php.
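
The write-then-restrict ordering described above, next to a form that restricts access before any secret reaches disk. This is an added example, not Froxlor's code: the function names, file name, modes and sample content are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern described in the advisory (hypothetical helper, not Froxlor code):
// the file is created under the process umask (commonly 0022, so mode 0644),
// the secret is written, and only afterwards is the mode tightened.
// Between the two calls any local user can read the content.
function writeConfigInsecure(string $path, string $content): void
{
    file_put_contents($path, $content);
    chmod($path, 0600);
}

// Hardened form: the restrictive mode applies from the moment of creation.
function writeConfigSecure(string $path, string $content): void
{
    $oldUmask = umask(0077); // files created below get at most 0600
    try {
        // 'x' maps to O_CREAT|O_EXCL: the call fails if the path already
        // exists, so a file or symlink pre-created in a shared directory
        // is never reused.
        $fh = @fopen($path, 'x');
        if ($fh === false) {
            throw new RuntimeException("refusing to reuse existing path: $path");
        }
        try {
            if (fwrite($fh, $content) !== strlen($content)) {
                throw new RuntimeException("short write to $path");
            }
        } finally {
            fclose($fh);
        }
    } finally {
        umask($oldUmask);
    }
}

// Constructed demo: a private 0700 directory rather than a file directly in /tmp.
$dir = sys_get_temp_dir() . '/conf-demo-' . bin2hex(random_bytes(8));
mkdir($dir, 0700);
$path = $dir . '/config.inc.php';
writeConfigSecure($path, "<?php\n\$sql['password'] = 'constructed-sample';\n");
printf("%s mode %04o\n", $path, fileperms($path) & 0777);
unlink($path);
rmdir($dir);
```

umask() is process-wide, so this form suits a one-shot installer run; in a multithreaded server process, create the file empty, chmod it, and only then write the content.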

CPE

Name | Operator | Version
---|---|---
froxlor | eq | 0.9.32
froxlor | eq | 0.10.10
froxlor | eq | 0.9.28
froxlor | eq | 0.9.22-rc1
froxlor | eq | 0.9.33-rc1
froxlor | eq | 0.9.37-rc1
froxlor | eq | 0.9.31-rc1
froxlor | eq | 0.9.33-rc2
froxlor | eq | 0.9.39.2
froxlor | eq | 0.9.28.1