CVE-2005-0823 - ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartex

CVE-2005-0823

Summary

ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges.

References

http://secunia.com/advisories/14629
http://securitytracker.com/id?1013458
http://securitytracker.com/id?1013459
http://www.securityfocus.com/bid/12830
https://exchange.xforce.ibmcloud.com/vulnerabilities/19717
https://exchange.xforce.ibmcloud.com/vulnerabilities/19718

Vulnerable Configurations

cpe:2.3:a:thepoolclub:ipool:*:*:*:*:*:*:*:*
cpe:2.3:a:thepoolclub:ipool:*:*:*:*:*:*:*:*
cpe:2.3:a:thepoolclub:isnooker:*:*:*:*:*:*:*:*
cpe:2.3:a:thepoolclub:isnooker:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12830
sectrack	1013458 1013459
secunia	14629
xf	ipool-mydetails-plaintext-password(19717) isnooker-mydetails-plaintext-password(19718)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32