Excite: Security Vulnerabilities
Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.
CVSS Score
7.2
EPSS Score
0.0
Published
1998-11-30
Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.
CVSS Score
7.2
EPSS Score
0.002
Published
1998-11-30
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
CVSS Score
7.2
EPSS Score
0.001
Published
1998-11-30
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.
CVSS Score
7.5
EPSS Score
0.012
Published
1998-01-01