{"id": "CVE-2004-2723", "bulletinFamily": "NVD", "title": "CVE-2004-2723", "description": "NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.", "published": "2004-12-31T05:00:00", "modified": "2017-07-29T01:29:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2723", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/4814", "http://www.securityfocus.com/bid/9993", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15641", "http://seclists.org/fulldisclosure/2004/Mar/1343.html", "http://securitytracker.com/id?1009577"], "cvelist": ["CVE-2004-2723"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "42c30d9a069019d81242ccc0bd5a88c9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "7f31be2397cffd0509deeaf079ac5dc5"}, {"key": "cpe23", "hash": "7e13ca4a24fa72496511ac55b133e31a"}, {"key": "cvelist", "hash": "e34ffb53697b2e9a4235e9dfb10ad57f"}, {"key": "cvss", "hash": "8c29e327ecae9940af88849fdeee038f"}, {"key": "cvss2", "hash": "2d084acc005a2aed390a292ed3716c00"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "cc03f0f13c5b7a13cd38f730cca5a70f"}, {"key": "description", "hash": "bdd071bbacc072f308b385c1ef0a2145"}, {"key": "href", "hash": "a7250b8d55e129080902d1ccfb67354e"}, {"key": "modified", "hash": "81fbf4dc6a3bd69489aeb37b6c16d22d"}, {"key": "published", "hash": "3f051342f862f2833e883053d29ea929"}, {"key": "references", "hash": "1b87cbc394a02eccd0c20528eab44cdc"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "b2665a68d5c56d0086fa9a51747e11f6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "112d4fd9827a3a09f86e77a29ad2f31ee55ac0f9ed01c278bf5f5099d31fc83c", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:4814"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 3.1, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 3.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:nessus:nessuswx:1.4.4"], "affectedSoftware": [{"name": "nessus nessuswx", "operator": "eq", "version": "1.4.4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:nessus:nessuswx:1.4.4:*:*:*:*:*:*:*"], "cwe": ["CWE-255"]}

{"osvdb": [{"lastseen": "2017-04-28T13:19:59", "bulletinFamily": "software", "description": "## Vulnerability Description\nNessusWX contains a flaw that may lead to an unauthorized password exposure. It is possible for a malicious user to gain access to plaintext usernames and passwords by locating plugin configuration settings in directories ending with \".session\" under the NessusDB directory tree, leading to a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nNessusWX contains a flaw that may lead to an unauthorized password exposure. It is possible for a malicious user to gain access to plaintext usernames and passwords by locating plugin configuration settings in directories ending with \".session\" under the NessusDB directory tree, leading to a loss of confidentiality.\n## Manual Testing Notes\nLook for the presence of session files such as:\nC:\\NessusDB\\MySession.session\n\n## References:\nVendor URL: http://nessuswx.nessus.org\nSecurity Tracker: 1009577\nOther Advisory URL: http://www.securitytracker.com/alerts/2004/Mar/1009577.html\nOther Advisory URL: http://seclists.org/fulldisclosure/2004/Mar/1343.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1363.html\nMail List Post: http://archives.neohapsis.com/archives/sf/ms/2004-q2/0001.html\nISS X-Force ID: 15641\n[CVE-2004-2723](https://vulners.com/cve/CVE-2004-2723)\nBugtraq ID: 9993\n", "modified": "2004-03-26T00:00:00", "published": "2004-03-26T00:00:00", "id": "OSVDB:4814", "href": "https://vulners.com/osvdb/OSVDB:4814", "title": "NessusWX Username and Password Disclosure", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}