CVE-2002-0487 - OpenCVE

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Workforceroi	Xpede

Configuration 1 [-]

OR	cpe:2.3:a:workforceroi:xpede:4.1:::::::*
	cpe:2.3:a:workforceroi:xpede:7.0:::::::*

References

Link	Resource
http://www.iss.net/security_center/static/8612.php	Vendor Advisory
http://www.securityfocus.com/archive/1/263485	Vendor Advisory
http://www.securityfocus.com/bid/4346	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-11T04:00:00

Updated: 2002-06-15T09:00:00

Reserved: 2002-06-07T00:00:00

Link: CVE-2002-0487

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2008-09-05T20:28:09.353

Link: CVE-2002-0487

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-03-22T00:00:00", "descriptions": [{"lang": "en", "value": "Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript \"session timeout\" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20020322 Xpede passwords exposed (2 vuln.)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/263485"}, {"name": "xpede-reauth-plaintext-password(8612)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8612.php"}, {"name": "4346", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4346"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0487", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript \"session timeout\" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20020322 Xpede passwords exposed (2 vuln.)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/263485"}, {"name": "xpede-reauth-plaintext-password(8612)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8612.php"}, {"name": "4346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4346"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0487", "datePublished": "2002-06-11T04:00:00", "dateReserved": "2002-06-07T00:00:00", "dateUpdated": "2002-06-15T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}