CVE-2002-0324
Last modified
CVE-2002-0324 is a vulnerability of currently unknown severity. Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.. EPSS estimates a 2.73% chance of exploitation in the next 30 days.
Description
Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a "Clear And Exit" action.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Noah Gray | Graymatter | 1.1 |
| Noah Gray | Graymatter | 1.1b |
| Noah Gray | Graymatter | 1.2b |
| Noah Gray | Graymatter | 1.21 |
References
- http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htmExploit, Vendor Advisory
- http://www.iss.net/security_center/static/8277.phpExploit, Vendor Advisory
- http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htmExploit, Vendor Advisory
- http://www.iss.net/security_center/static/8277.phpExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-0324?
How severe is CVE-2002-0324?
How do I fix CVE-2002-0324?
Are you affected by CVE-2002-0324?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST