VULHUB ™

Wuff MovieDB is a MySQL-Database which enables users to catalogue various media type files (VCD, SVCD, DVD, movies) with cover art. MovieDB includes a PHP front end to access and modify the database content. Due to a flaw in MovieDB, a user can gain knowledge of another user's password. This is achievable when a user is logging into the program. MovieDB is designed in such a way that when a user attempts to log into the program, the password field does not conceal the password, with for example asterisks. The password entered is in plain text, any on lookers may clearly read the authentication info and log in as that user.

Wuff MovieDB is a MySQL-Database which enables users to catalogue various media type files (VCD, SVCD, DVD, movies) with cover art. MovieDB includes a PHP front end to access and modify the database content. Due to a flaw in MovieDB, a user can gain knowledge of another user's password. This is achievable when a user is logging into the program. MovieDB is designed in such a way that when a user attempts to log into the program, the password field does not conceal the password, with for example asterisks. The password entered is in plain text, any on lookers may clearly read the authentication info and log in as that user.