History: Nov 02, 2005 - 11:02 a.m.

CVE-2005-3429

2005-11-02 11:02:00
mitre
web.nvd.nist.gov
28
cve-2005-3429
rockliffe mailsite express
plaintext password
cookie
xss
nvd

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score: 5.9
Confidence: High

EPSS: 0.01
Percentile: 83.6%

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Affected configurations

Nvd
Node
rockliffe mailsite_express Range 6.1.21
OR
rockliffe mailsite_express Match 6.1.20

Vendor | Product | Version | CPE
rockliffe | mailsite_express | * | cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*
rockliffe | mailsite_express | 6.1.20 | cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*
