Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2620

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2620
Last Modified 05 Sep 2008 04:52:14
Published 17 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2620

Summary

grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.

Vulnerable Systems

Application

  • Novell Groupwise 6.0

  • Novell Groupwise 6.5

  • Novell Groupwise 6.5.2


References

CONFIRM - http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972056.htm

XF - groupwise-client-plaintext-password(21075)

CONFIRM - http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098073.htm

SECTRACK - 1014247

BID - 13997

MISC - http://www.securiteam.com/windowsntfocus/5UP0Q0UG0I.html

OSVDB - 17470

BUGTRAQ - 20050817 NOVL-2005010098073 GroupWise Password Caching

FULLDISC - 20050825 NOVL-2005010098073 GroupWise Password Caching

BUGTRAQ - 20050620 Novell GroupWise Plain Text Password Vulnerability.


Last Updated: 27 May 2016 10:40:34