Administrator Posted February 14, 2014 Share Posted February 14, 2014 cPanel TSR 2014-0002 Full Disclosure Case 89985 Summary Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is created. This backup tarball was created in a world-accessible directory with world-readable permissions, allowing local accounts to see the MySQL password for the shared cpanel-horde user. Credits This issue was discovered by Rack911. Solution This issue is resolved in the following builds:22.214.171.124 For the PGP-signed message, see http://cpanel.net/wp-content/uploads/2014/02/TSR-2014-0002-Full-Disclosure.txt. View the full article Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now