Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0174

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0174
Last Modified 10 Sep 2008 09:04:42
Published 28 Jan 2008 09:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0174

Summary

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.

Vulnerable Systems

Application

  • Ge Fanuc Proficy Real-time Information Portal 2.6


References

CERT-VN - VU#180876

BID - 30754

BUGTRAQ - 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability

CONFIRM - http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459

SECTRACK - 1019273

BUGTRAQ - 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability

SREASON - 3590


Last Updated: 27 May 2016 10:46:42