CVE-1999-1072

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Nov 30, 1998
Updated: Nov 20, 2024

Summary

CVE-1999-1072 is a vulnerability affecting Excite for Web Servers (EWS) version 1.1. This issue grants local users the ability to elevate their privileges by extracting encrypted passwords from the world-readable Architext.conf file. They can then reuse these encrypted passwords to authenticate and access sensitive data through AT-generated.cgi or AT-admin.cgi. This exposure of confidential information allows unauthorized access and potential system compromise.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share