Red Hat Bugzilla – Bug 439974
CVE-2008-1567 phpMyAdmin: user/password/secret key are stored plaintext
Last modified: 2008-04-02 13:14:44 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1567 to
the following vulnerability:
phpMyAdmin before 220.127.116.11 stores the (1) MySQL username, (2) password, and
the (2) Blowfish secret key in plaintext in the /tmp Session file, which allows
local users to obtain sensitive information.
Updates were already built and are currently awaiting bodhi review.
phpMyAdmin-18.104.22.168-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-22.214.171.124-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: