Lucene search

[email protected]CVE-2005-2462

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-2462

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2462

kayako liveresponse

plaintext password

security vulnerability

nvd

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.

CPENameOperatorVersion
kayako:liveresponsekayako liveresponseeq2.0

CPE	Name	Operator	Version
kayako:liveresponse	kayako liveresponse	eq	2.0

References

marc.info/?l=bugtraq&m=112274359718863&w=2

secunia.com/advisories/16286

www.gulftech.org/?node=research&article_id=00092-07302005

www.osvdb.org/18398

www.securityfocus.com/bid/14425

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for CVE-2005-2462

nessus1