CVE-2008-1567 — MEDIUM (5.5)

Q: How severe is CVE-2008-1567?

CVE-2008-1567 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1567?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin, Debian Debian Linux, Fedoraproject Fedora, Opensuse Opensuse.

Vulnerability Description

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpmyadmin	Phpmyadmin	< 2.11.5.1
Debian	Debian Linux	4.0
Fedoraproject	Fedora	7
Opensuse	Opensuse	10.2

Related Weaknesses (CWE)

CWE-312

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlMailing List
http://secunia.com/advisories/29588Broken LinkVendor Advisory
http://secunia.com/advisories/29613Broken LinkVendor Advisory
http://secunia.com/advisories/29964Broken LinkVendor Advisory
http://secunia.com/advisories/30816Broken LinkVendor Advisory
http://secunia.com/advisories/32834Broken LinkVendor Advisory
http://secunia.com/advisories/33822Broken LinkVendor Advisory
http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&Issue TrackingThird Party Advisory
http://www.debian.org/security/2008/dsa-1557Mailing ListPatch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:131Broken Link
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2PatchVendor Advisory
http://www.securityfocus.com/bid/28560Broken LinkPatchThird Party Advisory
http://www.vupen.com/english/advisories/2008/1037/referencesBroken LinkVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41541Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-1567?

CVE-2008-1567 is a vulnerability with a CVSS score of 5.5 (MEDIUM). phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive info...

How severe is CVE-2008-1567?

CVE-2008-1567 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1567?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin, Debian Debian Linux, Fedoraproject Fedora, Opensuse Opensuse.