CVE-2005-4775

Vulnerability

In Contineo 2.0, when the admin account is configured without an email address attribute, the application displays a warning message upon page reload that inadvertently includes the admin password hash in the password field [1]. This occurs because the system fails to properly clear or mask the password hash when regenerating the form after a validation error.

Exploitation

An attacker with network access to the Contineo web interface can trigger this behavior by accessing the admin setup page and causing a reload (e.g., by submitting the form without an email address) [1]. No authentication is required if the setup page is publicly accessible; otherwise, the attacker would need admin credentials to reach the page. The hash is displayed in the password field of the reloaded page.

Impact

Successful exploitation allows a remote attacker to view the admin password hash [1]. With the hash, the attacker may attempt offline cracking to recover the plaintext password, potentially gaining full administrative access to the Contineo application.

Mitigation

The fix was committed to CVS on 2005-11-07 [1]. Users should upgrade to a version containing this fix or apply the patch from the CVS repository. As a workaround, ensure the admin account has a valid email address configured to prevent the warning from appearing.