Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
References
Link | Resource |
---|---|
http://www.iss.net/security_center/static/8612.php | Vendor Advisory |
http://www.securityfocus.com/archive/1/263485 | Vendor Advisory |
http://www.securityfocus.com/bid/4346 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-11T04:00:00
Updated: 2002-06-15T09:00:00
Reserved: 2002-06-07T00:00:00
Link: CVE-2002-0487
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-08-12T04:00:00.000
Modified: 2008-09-05T20:28:09.353
Link: CVE-2002-0487
JSON object: View
Redhat Information
No data.
CWE