CVE-2010-0124

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Access Management Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Published on 15/03/10 - Updated on 10/10/18

Description

Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability DatabaseCVE-2010-0124

Exploits

SecurityFocusBID-38642

Relative technologies

VendorProduct
timeclock-softwareemployee_timeclock_software

Share this vulnerability with:

Twitter Facebook LinkedIn Mail