Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2007-6330
Last Modified 15 Nov 2008 02:04:14
Published 13 Dec 2007 02:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6330

Summary

Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.

Vulnerable Systems

Application

  • Meridian Software Prolog Manager 2007

  • Meridian Software Prolog Manager 7.0

  • Meridian Software Prolog Manager 7.5


References

XF - prologmanager-password-disclosure(38996)

BID - 26826

BUGTRAQ - 20071211 Meridian Prolog Manager Username and Plain Text Password Disclosure

OSVDB - 42634

CONFIRM - http://www.kb.cert.org/vuls/id/MIMG-77FL3T

SECUNIA - 28065


Last Updated: 27 May 2016 10:46:28