Lucene search

[email protected]CVE-2009-4781

HistoryApr 21, 2010 - 2:30 p.m.

CVE-2009-4781

2010-04-2114:30:00

CWE-255

[email protected]

web.nvd.nist.gov

tukeva

password reminder

vulnerability

hard-coded password

local users

credentials

dbi connection

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection.

CPENameOperatorVersion
tukeva:password_remindertukeva password remindereq1.0.0.1
tukeva:password_remindertukeva password reminderle1.0.0.2
tukeva:password_remindertukeva password remindereq1.0.0.0

CPE	Name	Operator	Version
tukeva:password_reminder	tukeva password reminder	eq	1.0.0.1
tukeva:password_reminder	tukeva password reminder	le	1.0.0.2
tukeva:password_reminder	tukeva password reminder	eq	1.0.0.0

References

secunia.com/advisories/37553

www.exploit-db.com/exploits/10201

www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2009-4781

cvelist1 prion1