CVE-2006-5474

{"id": "CVE-2006-5474", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-10-24T20:07:00.000", "references": [{"url": "http://oneorzero.com/downloads/release_notes/Current_Release_notes.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22476", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1767", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/449352/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20651", "source": "cve@mitre.org"}, {"url": "http://www.whitedust.net/speaks/3043/", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://oneorzero.com/downloads/release_notes/Current_Release_notes.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/22476", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/1767", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/449352/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20651", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.whitedust.net/speaks/3043/", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The \"forgot password\" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset."}, {"lang": "es", "value": "La funci\u00f3n \"forgot password\" en OneOrZero Helpdesk anterior a 1.6.5.4 genera contrase\u00f1as inseguras concatenando la marca de tiempo actual con el nombre de usuario, lo cual permite a atacantes remotos obtener acceso como usuario de su elecci\u00f3n mediante una petici\u00f3n de restablecimiento de contrase\u00f1a."}], "lastModified": "2024-11-21T00:19:22.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77B9BA4F-5FD4-4C37-836D-1F88D47DF543", "versionEndIncluding": "1.6.5.3"}, {"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71F48E6F-1E7A-4B5F-9A05-37B2D7D39BE2"}, {"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E97153-B0A5-4751-B657-79EF676FABD6"}, {"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC596188-DBD8-4E56-953D-23B865670926"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Upgrade to 1.6.5.4"}