Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1923

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-1923
Last Modified 05 Dec 2012 11:18:15
Published 17 Apr 2012 12:26:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-1923

Summary

RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.

Vulnerable Systems

Application

  • Realnetworks Helix Mobile Server 14.0.0

  • Realnetworks Helix Mobile Server 14.0.1

  • Realnetworks Helix Server 14.0.0

  • Realnetworks Helix Server 14.0.1

  • Realnetworks Helix Server 14.2

  • Realnetworks Helix Server 14.2.0.212


References

MISC - http://secunia.com/secunia_research/2012-8/

CONFIRM - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf

BID - 52929

BUGTRAQ - 20120409 Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue


Last Updated: 27 May 2016 10:58:24