CVE-2006-2612 - Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a mac

CVE-2006-2612

Summary

Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.

References

Vulnerable Configurations

cpe:2.3:a:novell:client:4.8:*:windows:*:*:*:*:*
cpe:2.3:a:novell:client:4.8:*:windows:*:*:*:*:*
cpe:2.3:a:novell:client:4.9:*:windows:*:*:*:*:*
cpe:2.3:a:novell:client:4.9:*:windows:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060521 Novell Client login form enables reading and writing from and to the clipboard of the logged-in user 20060522 Re: Novell Client login form enables reading and writing from and to the clipboard of the logged-in user
osvdb	25760
secunia	20194
sreason	961
xf	novell-client-clipboard-leak(26595)

Last major update

18-10-2018 - 16:40

Published

26-05-2006 - 01:06

Last modified

18-10-2018 - 16:40