CVE: CVE-2008-1567

Export to Word

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.0004
Percentile: 0.11286

CVSS Scoring

CVSS v3.1 Score: 5.5

Severity: MEDIUM

Mapped CWE(s)

CWE-312 : Cleartext Storage of Sensitive Information

All CAPEC(s)

CAPEC-37: Retrieve Embedded Sensitive Data

CAPEC(s) with Mapped TTPs

CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys

Mapped ATT&CK TTPs

T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
SolarWinds Compromise
Operation CuckooBees
CostaRicto
Operation Honeybee
Operation Dream Job
C0015
Frankenstein
Night Dragon
Operation MidnightEclipse
C0017
Cutting Edge
C0026

Affected Products

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

← Back to Home