Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2005-2395
Last Modified 05 Sep 2008 04:51:39
Published 27 Jul 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2395

Summary

Mozilla Firefox 1.0.4 and 1.0.5 do not choose the challenge with the strongest authentication scheme available, as required by RFC 2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

Vulnerable Systems

Application

  • Mozilla Firefox 1.0.4

  • Mozilla Firefox 1.0.5


References

BID - 14325

BUGTRAQ - 20050719 Mozilla cleartext credentials leak bug report to excuse myself (Re[2]: NTLM HTTP Authentication is insecure by design - a new writeup by Amit Klein)

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=281851

XF - mozilla-authentication-weakness(22272)

MISC - http://www.securiteam.com/securitynews/5PP0L00GUQ.html

OSVDB - 19002

SREASON - 8


Last Updated: 27 May 2016 10:40:30