CVE-2000-1076 - Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administra

CVE-2000-1076

Summary

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.

References

Vulnerable Configurations

cpe:2.3:a:netscape:directory_server:4.12:*:*:*:*:*:*:*
cpe:2.3:a:netscape:directory_server:4.12:*:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_certificate_management_system:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_certificate_management_system:4.2:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
xf	iplanet-netscape-plaintext-password(5422)

Last major update

19-12-2017 - 02:29

Published

11-12-2000 - 05:00

Last modified

19-12-2017 - 02:29