Hardcoded credentials

2011-07-1423:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

CPENameOperatorVersion
squirrelmaileq1.3.1
squirrelmaileq1.4.2
squirrelmaileq0.4
squirrelmaileq1.0.6
squirrelmaileq1.0.5
squirrelmaileq0.3
squirrelmaileq0.4.0-pre2
squirrelmaileq1.4.17
squirrelmaileq1.2.0 rc3
squirrelmaileq1.1.0

Name	Operator	Version
squirrelmail	eq	1.3.1
squirrelmail	eq	1.4.2
squirrelmail	eq	0.4
squirrelmail	eq	1.0.6
squirrelmail	eq	1.0.5
squirrelmail	eq	0.3
squirrelmail	eq	0.4.0-pre2
squirrelmail	eq	1.4.17
squirrelmail	eq	1.2.0 rc3
squirrelmail	eq	1.1.0

Rows per page:

1-10 of 911

References

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

rhn.redhat.com/errata/RHSA-2012-0103.html

squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117

support.apple.com/kb/HT5130

www.debian.org/security/2011/dsa-2291

www.mandriva.com/security/advisories?name=MDVSA-2011:123

www.squirrelmail.org/security/issue/2011-07-12

bugzilla.redhat.com/show_bug.cgi?id=720693

exchange.xforce.ibmcloud.com/vulnerabilities/68512