Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1606

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2005-1606
Last Modified 05 Sep 2008 04:49:35
Published 16 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1606

Summary

H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.

Vulnerable Systems

Application

  • Positive Software H-sphere Winbox 2.4.2 Patch 4

  • Positive Software H-sphere Winbox 2.4.3 Rc1


References

XF - hsphere-information-disclosure(20522)

BID - 13559

CONFIRM - http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html

SECUNIA - 15287

MISC - http://exploitlabs.com/files/advisories/EXPL-A-2005-007-hsphere.txt

OSVDB - 16239


Last Updated: 27 May 2016 10:40:14