Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0486

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0486
Last Modified 10 Sep 2008 03:36:01
Published 30 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0486

Summary

Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

Vulnerable Systems

Application

  • Tarantella Enterprise 3.30

  • Tarantella Enterprise 3.40

  • Tarantella Secure Global Desktop Enterprise 3.42

  • Tarantella Secure Global Desktop Enterprise 4.0


References

CONFIRM - http://www.tarantella.com/security/bulletin-11.html

XF - tarantella-enterprise-obtain-information(19407)


Last Updated: 27 May 2016 10:39:49