ID CVE-2005-3429
Summary Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.
References
Vulnerable Configurations
  • cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail
fulldisc 20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail
misc http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
osvdb 22682
sectrack 1015117
xf mailsiteexpress-cookie-plaintext-password(22906)
Last major update 11-07-2017 - 01:33
Published 02-11-2005 - 11:02
Last modified 11-07-2017 - 01:33