Design/Logic Flaw

2006-06-0101:02:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.9%

JSON

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application’s SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.

CPENameOperatorVersion
financialsle6.4.14

CPE	Name	Operator	Version
	financials	le	6.4.14

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.html

secunia.com/advisories/20342

securityreason.com/securityalert/1000

securitytracker.com/id?1016181

www.securityfocus.com/archive/1/435352/100/0/threaded