CVE-2013-7385

Published: May 19, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.

Affected (9)

Products: Livezilla: Livezilla

Livezilla

1 product

Livezilla

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Livezilla Livezilla	Up to 5.1.2.1
Livezilla Livezilla	Version 5.0.1.0
Livezilla Livezilla	Version 5.0.1.1
Livezilla Livezilla	Version 5.0.1.2
Livezilla Livezilla	Version 5.0.1.3
Livezilla Livezilla	Version 5.0.1.4
Livezilla Livezilla	Version 5.1.0.0
Livezilla Livezilla	Version 5.1.1.0
Livezilla Livezilla	Version 5.1.2.0

Related CWEs

CWE-310

References (2)

http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html

Source: cve@mitre.org

Exploit

http://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.