oss-sec mailing list archives
CVE request: phpmyadmin (PMASA-2008-2)
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 30 Mar 2008 15:20:48 +0200
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 Announcement-ID: PMASA-2008-2 Date: 2008-03-29 Summary: Credentials disclosure on shared hosts via session data Description: We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: phpmyadmin (PMASA-2008-2) Hanno Böck (Mar 30)
- Re: CVE request: phpmyadmin (PMASA-2008-2) Steven M. Christey (Mar 31)