Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0695

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0695
Last Modified 05 Sep 2008 04:47:02
Published 07 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0695

Summary

The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.

Vulnerable Systems

Application

  • Hosting Controller 1.1

  • Hosting Controller 1.3

  • Hosting Controller 1.4.1

  • Hosting Controller 1.4b

  • Hosting Controller 6.1

  • Hosting Controller 6.1 Hotfix 1.4

  • Hosting Controller 6.1 Hotfix 1.7


References

SECUNIA - 14522

BUGTRAQ - 20050307 Hosting Controller Multiple Unauthenticated information disclose

MISC - http://isun.shabgard.org/hc2.txt


Last Updated: 27 May 2016 10:39:54