CVE-2009-4781 - TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local

CVE-2009-4781

Summary

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.

References

Vulnerable Configurations

cpe:2.3:a:tukeva:password_reminder:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tukeva:password_reminder:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tukeva:password_reminder:*:*:*:*:*:*:*:*
cpe:2.3:a:tukeva:password_reminder:*:*:*:*:*:*:*:*
cpe:2.3:a:tukeva:password_reminder:1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tukeva:password_reminder:1.0.0.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9
exploit-db	10201
secunia	37553

Last major update

14-02-2024 - 01:17

Published

21-04-2010 - 14:30

Last modified

14-02-2024 - 01:17