CVE-2004-2049

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=109068491801021&w=2
http://secunia.com/advisories/12154
http://securitytracker.com/id?1010770
http://www.osvdb.org/8247
http://www.securityfocus.com/bid/10794
https://exchange.xforce.ibmcloud.com/vulnerabilities/16795

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:esesix:thintune_extreme:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_l:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_m:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_mobile:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_s:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_xm:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_xs:2.4.38:::::::*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-2049

Mitre link : CVE-2004-2049

CVE.ORG link : CVE-2004-2049

JSON object : View

Products Affected

esesix

thintune_l
thintune_xm
thintune_m
thintune_mobile
thintune_xs
thintune_extreme
thintune_s

CWE

NVD-CWE-Other

{"id": "CVE-2004-2049", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=109068491801021&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12154", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1010770", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/8247", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10794", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16795", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access."}], "lastModified": "2017-07-11T01:31:35.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:esesix:thintune_extreme:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99504BBD-2057-4EAD-8347-96216B3EEDCA"}, {"criteria": "cpe:2.3:h:esesix:thintune_l:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A96E308D-2610-4B0B-B4E3-16AF3E4C91E8"}, {"criteria": "cpe:2.3:h:esesix:thintune_m:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B63C47F9-CD0E-4B2A-8A4A-9DF5DACF51C4"}, {"criteria": "cpe:2.3:h:esesix:thintune_mobile:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B099B881-ED9D-4275-B870-DC8404EA397F"}, {"criteria": "cpe:2.3:h:esesix:thintune_s:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52D22936-D5EE-4588-9EE0-F1B628F951F8"}, {"criteria": "cpe:2.3:h:esesix:thintune_xm:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5313BBF6-89A0-48C4-9A4D-8601173201A1"}, {"criteria": "cpe:2.3:h:esesix:thintune_xs:2.4.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D79A571-BD13-4045-AFEF-90412D13F1A9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}