Intrusion Prevention

CHETCPASSWD.Shadow.File.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in CHETCPASSWD.
The issue is caused by an error when the vulnerable software handles malicious requests sent to chetcpasswd.cgi. It may allow a remote attacker to expose the local shadow file by sending a crafted client request.

Affected Products

CHETCPASSWD 1.12

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to CHETCPASSWD 1.12.1 or later.

CVE References

CVE-2002-2219