CVE-2003-1439

Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/309775	Exploit
http://www.securityfocus.com/archive/1/309941/30/26090/threaded
http://www.securityfocus.com/bid/6743
https://exchange.xforce.ibmcloud.com/vulnerabilities/11244
http://www.securityfocus.com/archive/1/309775	Exploit
http://www.securityfocus.com/archive/1/309941/30/26090/threaded
http://www.securityfocus.com/bid/6743
https://exchange.xforce.ibmcloud.com/vulnerabilities/11244

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:::::::*
	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:::::::*

History

20 Nov 2024, 23:47

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/archive/1/309775 - Exploit~~	() http://www.securityfocus.com/archive/1/309775 - Exploit
References	~~() http://www.securityfocus.com/archive/1/309941/30/26090/threaded -~~	() http://www.securityfocus.com/archive/1/309941/30/26090/threaded -
References	~~() http://www.securityfocus.com/bid/6743 -~~	() http://www.securityfocus.com/bid/6743 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/11244 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/11244 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:47

NVD link : CVE-2003-1439

Mitre link : CVE-2003-1439

CVE.ORG link : CVE-2003-1439

JSON object : View

Products Affected

silc

secure_internet_live_conferencing

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2003-1439", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/309775", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/309941/30/26090/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6743", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11244", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/309775", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/309941/30/26090/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6743", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11244", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information."}], "lastModified": "2024-11-20T23:47:09.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B817C7B-DE89-40CF-AFED-384A69E5FEB3"}, {"criteria": "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB65C90E-7029-494D-861E-20DA363A292D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}