CVE-2002-0917

Description

CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users.

Affected products

• cgiscript.net / cspassword1.0 – 1.0

References

• MISChttp://online.securityfocus.com/archive/1/274727
• MISChttp://www.securityfocus.com/bid/4885
• MISChttp://www.iss.net/security_center/static/9220.php