FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Username/Password Session File Information Disclosure

Affected packages
phpMyAdmin < 2.11.5.1

Details

VuXML ID 6eb1dc51-1244-11dd-bab7-0016179b2dd5
Discovery 2008-03-31
Entry 2008-04-24
Modified 2008-09-17

A phpMyAdmin security announcement report:

phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.

References

CVE Name CVE-2008-1567
URL http://secunia.com/advisories/29613/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3