CVE-2014-0103 Information

Description

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext which allows local Apache users to obtain sensitive information by reading the PHP session files.

Reference

http://advisories.mageia.org/MGASA-2014-0380.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/68247 https://bugzilla.redhat.com/show_bug.cgi?id=1073618