Lucene search

[email protected]CVE-2003-0046

HistoryFeb 19, 2003 - 5:00 a.m.

CVE-2003-0046

2003-02-1905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

absolutetelnet

ssh2

logon credentials

memory access

plaintext passwords

6.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

23.9%

JSON

AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

CPENameOperatorVersion
celestial_software:absolutetelnetcelestial software absolutetelneteq2.11

CPE	Name	Operator	Version
celestial_software:absolutetelnet	celestial software absolutetelnet	eq	2.11

References

marc.info/?l=bugtraq&m=104386492422014&w=2

www.celestialsoftware.net/telnet/beta_software.html

www.idefense.com/advisory/01.28.03.txt

www.osvdb.org/7686

www.securityfocus.com/bid/6725

www.securitytracker.com/id?1006013

6.8 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

23.9%

JSON

Related for CVE-2003-0046

securityvulns1