CVE-1999-1277 - BackWeb client stores the username and password in cleartext for proxy authentication in the Communi

CVE-1999-1277

Summary

BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.

References

http://marc.info/?l=ntbugtraq&m=91487886514546&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/1565

Vulnerable Configurations

cpe:2.3:a:backweb_technologies:backweb_client:*:*:*:*:*:*:*:*
cpe:2.3:a:backweb_technologies:backweb_client:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

ntbugtraq	19981224 BackWeb - Password issue (used by NAI for Corporate customer notification).
xf	backweb-cleartext-passwords(1565)

Last major update

19-12-2017 - 02:29

Published

24-12-1998 - 05:00

Last modified

19-12-2017 - 02:29