CVE-2001-1481

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
References
Link Resource
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html Broken Link Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/242375 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/3582 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 Third Party Advisory VDB Entry
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html Broken Link Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/242375 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/3582 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xitami:xitami:*:*:*:*:*:*:*:*
cpe:2.3:a:xitami:xitami:2.5:beta4:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html - Broken Link, Exploit, Vendor Advisory () http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html - Broken Link, Exploit, Vendor Advisory
References () http://www.securityfocus.com/archive/1/242375 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/242375 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/3582 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/3582 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 - Third Party Advisory, VDB Entry

13 Feb 2024, 16:20

Type Values Removed Values Added
First Time Xitami
Xitami xitami
CVSS v2 : 10.0
v3 : unknown
v2 : 10.0
v3 : 9.8
CWE NVD-CWE-Other CWE-312
References () http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html - Exploit, Vendor Advisory () http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html - Broken Link, Exploit, Vendor Advisory
References () http://www.securityfocus.com/archive/1/242375 - () http://www.securityfocus.com/archive/1/242375 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/3582 - () http://www.securityfocus.com/bid/3582 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/7600 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:imatix:xitami:2.5_b4:*:*:*:*:*:*:*
cpe:2.3:a:imatix:xitami:2.4:*:*:*:*:*:*:*
cpe:2.3:a:imatix:xitami:2.5:*:*:*:*:*:*:*
cpe:2.3:a:xitami:xitami:*:*:*:*:*:*:*:*
cpe:2.3:a:xitami:xitami:2.5:beta4:*:*:*:*:*:*

Information

Published : 2001-12-31 05:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1481

Mitre link : CVE-2001-1481

CVE.ORG link : CVE-2001-1481


JSON object : View

Products Affected

xitami

  • xitami
CWE
CWE-312

Cleartext Storage of Sensitive Information