4 matches found
CVE-2005-0812
The CVE-2005-0812 issue affects NotifyLink 3.0, where the web interface displays user passwords in cleartext on the administrative page. Root cause: passwords are stored and exposed via the admin UI, enabling an attacker with web/admin access or local access to obtain credentials. Impact per sourc...
CVE-2005-0809
CVE-2005-0809 affects NotifyLink server: when client key retrieval is enabled, an unauthenticated HTTP POST to /hwp/get.asp can disclose AES keys. The server uses a fixed byte reordering scheme to obfuscate the key, substantially weakening cryptographic protection and enabling brute-force recover...
CVE-2005-0810
CVE-2005-0810: NotifyLink contains SQL injection vulnerabilities affecting NotifyLink Server (pre-3.0). Unauthenticated remote attackers can append SQL via various URLs to view/modify the NotifyLink SQL database; impact includes unauthorized user creation, password changes, and data exposure. The...
CVE-2005-0811
CVE-2005-0811 concerns the NotifyLink 3.0 web interface, where authenticated users can bypass GUI-enabled access restrictions by issuing direct requests to restricted URLs. The underlying issue is ineffective server-side access control for features that are disabled in the user interface, enablin...