Insecure Storage of Database Credentials in TightAuction 3.0

Insecure Storage of Database Credentials in TightAuction 3.0

CVE-2002-1886 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.

Learn more about our Web App Pen Testing.