CVE-2001-1536

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:audiogalaxy:audiogalaxy:-:*:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html - Broken Link () http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html - Broken Link
References () http://www.iss.net/security_center/static/7621.php - Broken Link () http://www.iss.net/security_center/static/7621.php - Broken Link
References () http://www.securityfocus.com/bid/3587 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/3587 - Broken Link, Third Party Advisory, VDB Entry

10 Feb 2024, 03:04

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
References (BID) http://www.securityfocus.com/bid/3587 - (BID) http://www.securityfocus.com/bid/3587 - Broken Link, Third Party Advisory, VDB Entry
References (XF) http://www.iss.net/security_center/static/7621.php - (XF) http://www.iss.net/security_center/static/7621.php - Broken Link
References (BUGTRAQ) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html - (BUGTRAQ) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html - Broken Link
First Time Audiogalaxy
Audiogalaxy audiogalaxy
CWE NVD-CWE-Other CWE-312
CPE cpe:2.3:a:autogalaxy:autogalaxy:*:*:*:*:*:*:*:* cpe:2.3:a:audiogalaxy:audiogalaxy:-:*:*:*:*:*:*:*

Information

Published : 2001-12-31 05:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1536

Mitre link : CVE-2001-1536

CVE.ORG link : CVE-2001-1536


JSON object : View

Products Affected

audiogalaxy

  • audiogalaxy
CWE
CWE-312

Cleartext Storage of Sensitive Information