Lucene search

[email protected]CVE-2004-0939

HistoryFeb 09, 2005 - 5:00 a.m.

CVE-2004-0939

2005-02-0905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

nvd

cve-2004-0939

neoteris

ive

ldap

authentication

password

brute force

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack.

CPENameOperatorVersion
neoteris:instant_virtual_extranetneoteris instant virtual extraneteq*

CPE	Name	Operator	Version
neoteris:instant_virtual_extranet	neoteris instant virtual extranet	eq	*

References

marc.info/?l=bugtraq&m=109709990708794&w=2

secunia.com/advisories/12752

securitytracker.com/id?1011552

www.gosecure.ca/SecInfo/gosecure-2004-10.txt

www.osvdb.org/8365

exchange.xforce.ibmcloud.com/vulnerabilities/17629

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON