| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism. |
| installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. |
| The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file. |
| The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly generated passwords via a brute-force attack. |
| SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. |
| libuser before 0.57 uses a cleartext password value of (1) !! or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values. |
| Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database. |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. |
| OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. |
| ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. |
| ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function. |
| Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file. |
| Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. |
| GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. |
| Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP. |
| The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands. |
