Intrusion Prevention

CGI.CHETCPASSWD.Shadow.File.Disclosure

Description

This indicates a malicious attacker tried to gain information through a vulnerability in chetcpasswd.cgi. If a malicious user sends an overly long URI string to chetcpasswd.cgi it is possible that the tail end of the local shadow file may be exposed.

Affected Products

CHETCPASSWD 1.12

Impact

Information Leakage.

Recommended Actions

Upgrade to CHETCPASSWD 1.12.1 or later.