Lucene search

K
cve[email protected]CVE-2002-2412
HistoryOct 03, 2022 - 4:23 p.m.

CVE-2002-2412

2022-10-0316:23:50
CWE-255
web.nvd.nist.gov
16
cve-2002-2412
winamp
plaintext
authentication
vulnerability
local users

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

21.4%

Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.

Affected configurations

NVD
Node
nullsoftwinampMatch2.80
VendorProductVersionCPE
nullsoftwinamp2.80cpe:/a:nullsoft:winamp:2.80:::

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

21.4%

Related for CVE-2002-2412