CVE-2005-3429

2005-11-0211:00:00

mitre

www.cve.org

AI Score

5.6

Confidence

High

EPSS

0.01

Percentile

83.6%

JSON

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html

marc.info/?l=bugtraq&m=113053680631151&w=2

securitytracker.com/id?1015117

www.osvdb.org/22682

www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/22906