Announcement-ID: PMASA-2008-2
Date: 2008-03-29
Credentials disclosure on shared hosts via session data
We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host.
We consider this vulnerability to be serious.
Versions before 2.11.5.1.
Upgrade to phpMyAdmin 2.11.5.1 or newer.
Assigned CVE ids: CVE-2008-1567
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.