Cart32
------

CVE Number: 
CAN-2000-0429

Details:
The CGI script(s) for Cart32 were found on the system. They contain
a known backdoor password that allows system information to be
gathered, which could in turn be used to obtain sensitive
information.

Cart32's cart32.ini may also contain either older plaintext administrative
passwords or the current password encrypted with a weak encryption scheme.

Fix:
It is recommended that an alternate e-commerce package be used on
the system, or that the appropriate patches be applied. At a minimum,
version 3.5a build 710 or higher should be used.

Related URLs:
http://www.cerberus-infosec.co.uk/advcart32.html
http://archives.neohapsis.com/archives/bugtraq/2000-11/0102.html
http://archives.neohapsis.com/archives/bugtraq/2000-11/0147.html
http://www.cart32.com/

$Id: Cart32,v 1.2 2001/01/03 22:43:42 loveless Exp $
