CVE-2012-5696 Information

Description

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config which allows remote attackers to obtain the plaintext database password via a direct request.

Reference

https://twitter.com/georgiaweidman/statuses/269138431567855618 https://www.htbridge.com/advisory/HTB23123