Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3398

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3398
Last Modified 07 Mar 2011 09:38:32
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3398

Summary

The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.

Vulnerable Systems

Application

  • Pkr Internet Taskjitsu 0.1

  • Pkr Internet Taskjitsu 2.0


References

MISC - https://www.pkrinternet.com/taskjitsu/task/3400

VUPEN - ADV-2006-2660

CONFIRM - http://www.pkrinternet.com/download/RELEASE-NOTES.txt


Last Updated: 27 May 2016 10:42:58