Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3059

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2008-3059
Last Modified 05 Feb 2009 01:44:08
Published 03 Dec 2008 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3059

Summary

member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab.

Vulnerable Systems

Application

  • Octeth Oempro 3.5.5.1


References

XF - oempro-settingsaccount-info-disclosure(47115)

OSVDB - 50324

MISC - http://osvdb.org/ref/50/oempro.txt

MISC - http://octeth.com/blog/category/oempro4/


Last Updated: 27 May 2016 10:48:04