mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
119 lines
3.6 KiB
JSON
119 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2006-5474",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2006-10-24T20:07:00.000",
|
|
"lastModified": "2018-10-17T21:43:30.033",
|
|
"vulnStatus": "Modified",
|
|
"evaluatorSolution": "Upgrade to 1.6.5.4",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The \"forgot password\" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La funci\u00f3n \"forgot password\" en OneOrZero Helpdesk anterior a 1.6.5.4 genera contrase\u00f1as inseguras concatenando la marca de tiempo actual con el nombre de usuario, lo cual permite a atacantes remotos obtener acceso como usuario de su elecci\u00f3n mediante una petici\u00f3n de restablecimiento de contrase\u00f1a."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-Other"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.6.5.3",
|
|
"matchCriteriaId": "77B9BA4F-5FD4-4C37-836D-1F88D47DF543"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71F48E6F-1E7A-4B5F-9A05-37B2D7D39BE2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10E97153-B0A5-4751-B657-79EF676FABD6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.6.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC596188-DBD8-4E56-953D-23B865670926"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://oneorzero.com/downloads/release_notes/Current_Release_notes.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://securityreason.com/securityalert/1767",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/449352/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/20651",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.whitedust.net/speaks/3043/",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |