Lucene search

[email protected]CVE-2005-0486

HistoryMar 30, 2005 - 5:00 a.m.

CVE-2005-0486

2005-03-3005:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0486

information security

tarantella

authentication

remote attackers

rsa securid

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

CPENameOperatorVersion
tarantella:tarantella_enterprisetarantella tarantella enterpriseeq3.40
tarantella:tarantella_enterprisetarantella tarantella enterpriseeq3.30
tarantella:secure_global_desktoptarantella secure global desktopeqenterprise_3.42
tarantella:secure_global_desktoptarantella secure global desktopeqenterprise_4.0

CPE	Name	Operator	Version
tarantella:tarantella_enterprise	tarantella tarantella enterprise	eq	3.40
tarantella:tarantella_enterprise	tarantella tarantella enterprise	eq	3.30
tarantella:secure_global_desktop	tarantella secure global desktop	eq	enterprise_3.42
tarantella:secure_global_desktop	tarantella secure global desktop	eq	enterprise_4.0

References

www.tarantella.com/security/bulletin-11.html

exchange.xforce.ibmcloud.com/vulnerabilities/19407

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON