VULHUB ™

Cobalt Security Advisory 01.31.2000 - For RaQ 1 and RaQ 2, through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of the admin (root) account on the system. For RaQ 3, Through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of any regular user or Site Administrator on the system, but not admin(root). Bug and exploit by Chuck Pitre

Cobalt Security Advisory 01.31.2000 - For RaQ 1 and RaQ 2, through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of the admin (root) account on the system. For RaQ 3, Through improper permissions checking in /.cobalt/siteUserMod/siteUserMod.cgi, any Site Administrator can change the password of any regular user or Site Administrator on the system, but not admin(root). Bug and exploit by Chuck Pitre