Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4677

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4677
Last Modified 06 Dec 2011 12:00:00
Published 06 Dec 2011 06:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4677

Summary

One Click Orgs before 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Vulnerable Systems

Application

  • Oneclickorgs One Click Orgs 1.0.0

  • Oneclickorgs One Click Orgs 1.0.1

  • Oneclickorgs One Click Orgs 1.1.0

  • Oneclickorgs One Click Orgs 1.1.1

  • Oneclickorgs One Click Orgs 1.2.0

  • Oneclickorgs One Click Orgs 1.2.1

  • Oneclickorgs One Click Orgs 1.2.2


References

MLIST - [oneclickorgs-devspace] 20111117 Announce: One Click Orgs 1.2.3

MISC - http://dmcdonald.net/?page_id=43


Last Updated: 27 May 2016 10:57:49