CVE-2005-0695 Information

Description

The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner’s e-mail address by providing a portion of the domain name to the \login ID\ field.

Reference

http://isun.shabgard.org/hc2.txt http://marc.info/?l=bugtraq&m=111026083314947&w=2 http://secunia.com/advisories/14522