Cart32 is a popular shopping cart system for Windows developed by McMurtrey/Whitaker & Associates. During a remote installation, Cart32 creates a default cart32.ini file that contains the administrator password. The password is only weakly encrypted, so an attacker could grab the password hash from the .ini file and crack it, gaining Administrator privileges. In addition, the Debug section of the .ini file may contain the current and past administrative passwords in clear text.
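An added example, not part of the advisory or of the vendor's code: a defender-side audit that flags password-bearing keys in an INI file such as cart32.ini and reports where they are without echoing the values. Only the Debug section name comes from the text above; the other section and key names in the sample are constructed assumptions, not the real file layout.

```python
import re

# Constructed sample. Key names and the [Main] section are assumptions;
# the advisory only states that a Debug section may hold clear-text passwords.
SAMPLE_INI = """\
[Main]
AdminPassword=PLACEHOLDER_ENCODED_VALUE
StoreName=Example Store

[Debug]
LastAdminPassword=placeholder-old
CurrentAdminPassword=placeholder-new
LogLevel=3
"""

# Key names that suggest a stored credential.
SECRET_KEY = re.compile(r"pass(word|wd)?|pwd", re.IGNORECASE)


def audit_ini(text):
    """Return (line_no, section, key, finding) tuples; values are never returned."""
    findings = []
    section = ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        if not sep or not value.strip():         # not key=value, or empty value
            continue
        if SECRET_KEY.search(key):
            # Debug entries are clear text per the advisory; others are weakly encrypted.
            kind = "cleartext-debug" if section.lower() == "debug" else "stored-credential"
            findings.append((line_no, section, key.strip(), kind))
    return findings


if __name__ == "__main__":
    for line_no, section, key, kind in audit_ini(SAMPLE_INI):
        print(f"line {line_no}: [{section}] {key} -> {kind}")
```

Any finding means the file should be kept out of web-reachable paths and restricted by file permissions, and the administrator password should be changed after the Debug entries are cleared.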