phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.Referenceshttp://www.securityfocus.com/bid/5947http://www.iss.net/security_center/static/10352.phphttp://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html
