CVE-2004-2398 Information

Description

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql which is assigned world-readable permissions by cPanel 9.3.0 R5.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html http://www.securityfocus.com/bid/10390 https://exchange.xforce.ibmcloud.com/vulnerabilities/16197