CVE-2010-3122

{"id": "CVE-2010-3122", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-25T20:00:17.987", "references": [{"url": "http://www.kb.cert.org/vuls/id/278785", "tags": ["US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The DevonIT thin-client management tool relies on a shared secret for authentication but transmits the secret in cleartext, which makes it easier for remote attackers to discover the secret value, and consequently obtain administrative control over client machines, by sniffing the network."}, {"lang": "es", "value": "La herramienta de gesti\u00f3n DevonIT para thin-clients cuenta con un secreto compartido para la autenticaci\u00f3n pero este es transmitido en texto plano, lo que facilita a atacantes remotos descubrirlo rastreando la red y consecuentemente, obtener el control para administrar las m\u00e1quinas clientes."}], "lastModified": "2010-08-26T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:devonit:thin-client_management_tool:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DEE171-8B23-4815-8E4E-8BBCB39AE66F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}