Launchpad.net

CVE 2011-0436

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Related bugs and status

CVE-2011-0436 (Candidate) is related to these bugs:

Bug #729700: SQL injections in DTC

		In	Importance	Status
729700	SQL injections in DTC	dtc (Ubuntu)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Karmic)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Lucid)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Maverick)	Medium	Fix Released
729700	SQL injections in DTC	dtc (Ubuntu Natty)	Medium	Fix Released

Bug #849544: remove dtc from oneiric and blacklist: multiple security and policy bugs

Summary				In	Importance	Status
	849544	remove dtc from oneiric and blacklist: multiple security and policy bugs		dtc (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0436

Related bugs and status

Related bugs

References