CVE-2002-0810 Information

Description

Bugzilla 2.14 before 2.14.2 and 2.16 before 2.16rc2 directs error messages from the syncshadowdb command to the HTML output which could leak sensitive information including plaintext passwords if syncshadowdb fails.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html http://bugzilla.mozilla.org/show_bug.cgi?id=92263 http://www.iss.net/security_center/static/9306.php http://www.osvdb.org/6399 http://www.redhat.com/support/errata/RHSA-2002-109.html http://www.securityfocus.com/bid/4964