Lucene search

K
cve[email protected]CVE-2002-2412
HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2412

2022-10-0316:23:50
CWE-255
web.nvd.nist.gov
16
cve-2002-2412
winamp
plaintext
authentication
vulnerability
local users

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.4%

Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

Affected configurations

NVD
Node
nullsoftwinampMatch2.80
CPENameOperatorVersion
nullsoft:winampnullsoft winampeq2.80

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.4%

Related for CVE-2002-2412