Vulnerability Description
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgiscript.Net | Cspassword | 1.0 |
References
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9223.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4889
- http://online.securityfocus.com/archive/1/274727
- http://www.iss.net/security_center/static/9223.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4889
FAQ
What is CVE-2002-0920?
CVE-2002-0920 is a vulnerability with a CVSS score of 5.1 (MEDIUM). CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to ga...
How severe is CVE-2002-0920?
CVE-2002-0920 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0920?
Check the references section above for vendor advisories and patch information. Affected products include: Cgiscript.Net Cspassword.