CVE-2007-6096 - Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "admi

CVE-2007-6096

Summary

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.

References

http://osvdb.org/42171
http://secunia.com/advisories/27688
http://www.ingate.com/relnote-460.php
http://www.securityfocus.com/bid/26486

Vulnerable Configurations

cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*
cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 15-11-2008 - 07:03)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	26486
confirm	http://www.ingate.com/relnote-460.php
osvdb	42171
secunia	27688

Last major update

15-11-2008 - 07:03

Published

22-11-2007 - 00:46

Last modified

15-11-2008 - 07:03