CVE-2007-6096

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/42171
http://secunia.com/advisories/27688	Vendor Advisory
http://www.ingate.com/relnote-460.php
http://www.securityfocus.com/bid/26486
http://osvdb.org/42171
http://secunia.com/advisories/27688	Vendor Advisory
http://www.ingate.com/relnote-460.php
http://www.securityfocus.com/bid/26486

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:ingate:ingate_firewall::::::::
	cpe:2.3:h:ingate:ingate_siparator::::::::

History

21 Nov 2024, 00:39

Type	Values Removed	Values Added
References	~~() http://osvdb.org/42171 -~~	() http://osvdb.org/42171 -
References	~~() http://secunia.com/advisories/27688 - Vendor Advisory~~	() http://secunia.com/advisories/27688 - Vendor Advisory
References	~~() http://www.ingate.com/relnote-460.php -~~	() http://www.ingate.com/relnote-460.php -
References	~~() http://www.securityfocus.com/bid/26486 -~~	() http://www.securityfocus.com/bid/26486 -

Information

Published : 2007-11-22 00:46

Updated : 2024-11-21 00:39

NVD link : CVE-2007-6096

Mitre link : CVE-2007-6096

CVE.ORG link : CVE-2007-6096

JSON object : View

Products Affected

ingate

ingate_siparator
ingate_firewall

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2007-6096", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-11-22T00:46:00.000", "references": [{"url": "http://osvdb.org/42171", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27688", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ingate.com/relnote-460.php", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26486", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/42171", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27688", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ingate.com/relnote-460.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26486", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of \"administrators with less privileges,\" which might allow attackers to read these passwords via unknown vectors."}, {"lang": "es", "value": "Ingate Firewall anterior a 4.6.0 y SIParator anterior a 4.6.0 usan almacenamiento en texto claro para las contrase\u00f1as de \"administradores con privilegios menores\", lo cual podr\u00eda permitir a atacantes leer estas contrase\u00f1as a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T00:39:21.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FCD0134-18A5-4C85-B6D3-6E66A8983C43", "versionEndIncluding": "4.5.2"}, {"criteria": "cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "598B6EC9-AF61-4C65-AE23-FC8F42CE64B1", "versionEndIncluding": "4.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}