| ID |
CVE-2007-6330
|
| Summary |
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:meridian_software:prolog_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:meridian_software:prolog_manager:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:meridian_software:prolog_manager:7.5:*:*:*:*:*:*:*
cpe:2.3:a:meridian_software:prolog_manager:7.5:*:*:*:*:*:*:*
-
cpe:2.3:a:meridian_software:prolog_manager:2007:*:*:*:*:*:*:*
cpe:2.3:a:meridian_software:prolog_manager:2007:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 15-10-2018 - 21:52) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 26826 | | bugtraq | 20071211 Meridian Prolog Manager Username and Plain Text Password Disclosure | | cert-vn | VU#120593 | | confirm | http://www.kb.cert.org/vuls/id/MIMG-77FL3T | | osvdb | 42634 | | secunia | 28065 | | xf | prologmanager-password-disclosure(38996) |
|
| Last major update |
15-10-2018 - 21:52 |
| Published |
13-12-2007 - 19:46 |
| Last modified |
15-10-2018 - 21:52 |
