VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response.
History
21 Nov 2024, 02:21
Type | Values Removed | Values Added |
---|---|---|
References | http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html - Exploit | |
References | http://seclists.org/fulldisclosure/2014/Dec/76 - Exploit | |
References | https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt - Exploit | |
Information
Published : 2015-01-08 15:59
Updated : 2024-11-21 02:21
NVD link : CVE-2014-9577
Mitre link : CVE-2014-9577
CVE.ORG link : CVE-2014-9577
Products Affected
vdgsecurity
- vdg_sense
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor