Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2005-3429
Last Modified 07 Mar 2011 09:26:31
Published 02 Nov 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

Summary

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Vulnerable Systems

Application

  • Rockliffe MailSite Express 6.1.20

  • Rockliffe MailSite Express 6.1.21

References

MISC - http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf

FULLDISC - 20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail

XF - mailsiteexpress-cookie-plaintext-password(22906)

SECTRACK - 1015117

OSVDB - 22682


Last Updated: 27 May 2016 10:40:56