{"vuid":"VU#586720","idnumber":"586720","name":"JetboxOne leaves account database unencrypted","keywords":["JetboxOne","information disclosure","non-encrypted password file"],"overview":"JetboxOne does not encrypt information in the account information database. Any user with the ability to query the database may be able to view confidential account information.","clean_desc":"JetboxOne is an open-source content management system that is written in PHP. An information disclosure vulnerability exists because JetboxOne does not encrypt account information stored in the admin (user) and webuser (standard user) tables of a MySQL database.","impact":"Any user with the ability to query the database may be able to view confidential account information. This may lead to unauthorized access to other accounts.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"This vulnerability was publicly reported by y3dips.","author":"This document was written by Jeff Gennari.","public":["h","t","t","p",":","/","/","e","c","h","o",".","o","r",".","i","d","/","a","d","v","/","a","d","v","0","3","-","y","3","d","i","p","s","-","2","0","0","4",".","t","x","t"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-08-06T12:56:29Z","publicdate":"2004-08-04T00:00:00Z","datefirstpublished":"2004-08-13T19:38:15Z","dateupdated":"2004-08-13T19:38:26Z","revision":37,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"1","cam_impact":"8","cam_easeofexploitation":"16","cam_attackeraccessrequired":"6","cam_scorecurrent":"0.2304","cam_scorecurrentwidelyknown":"0.288","cam_scorecurrentwidelyknownexploited":"0.576","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.2304,"vulnote":null}