CVE-2001-0415 - REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log fil

CVE-2001-0415

Summary

REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.

References

http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html
http://www.securityfocus.com/bid/2495
https://exchange.xforce.ibmcloud.com/vulnerabilities/6276

Vulnerable Configurations

cpe:2.3:a:redi:rediplus:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redi:rediplus:1.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	2495
bugtraq	20010320 Password stored in clear text vulnerability in real time stock trading program
xf	rediplus-weak-security(6276)

Last major update

19-12-2017 - 02:29

Published

27-06-2001 - 04:00

Last modified

19-12-2017 - 02:29