Lucene search

MitreCVE-2008-3059

HistoryDec 03, 2008 - 5:30 p.m.

CVE-2008-3059

2008-12-0317:30:00

CWE-255

mitre

web.nvd.nist.gov

octeth

oempro

vulnerability

cleartext password

transmission

security issue

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

62.0%

JSON

member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the “Settings - Account Information” tab.

Affected configurations

Nvd

Node

octethoemproMatch3.5.5.1

VendorProductVersionCPE
octethoempro3.5.5.1cpe:2.3:a:octeth:oempro:3.5.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
octeth	oempro	3.5.5.1	cpe:2.3:a:octeth:oempro:3.5.5.1:::::::*

References

octeth.com/blog/category/oempro4/

osvdb.org/ref/50/oempro.txt

www.osvdb.org/50324

exchange.xforce.ibmcloud.com/vulnerabilities/47115

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2008-3059