backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash.Referenceshttp://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.htmlhttp://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/http://seclists.org/fulldisclosure/2014/May/130http://www.securityfocus.com/bid/67644https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/
