CVE-2010-0216 Information

Description

authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.

Reference

http://secunia.com/advisories/44182 http://securityreason.com/securityalert/8245 http://www.osvdb.org/72079 http://www.packetninjas.net/storage/advisories/MediaCast-PWDump-FINAL.txt http://www.securityfocus.com/bid/47572 https://exchange.xforce.ibmcloud.com/vulnerabilities/67082