CVE-2007-6330

Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/42634
http://secunia.com/advisories/28065
http://www.kb.cert.org/vuls/id/120593	US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-77FL3T
http://www.securityfocus.com/archive/1/484886/100/0/threaded
http://www.securityfocus.com/bid/26826
https://exchange.xforce.ibmcloud.com/vulnerabilities/38996
http://osvdb.org/42634
http://secunia.com/advisories/28065
http://www.kb.cert.org/vuls/id/120593	US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-77FL3T
http://www.securityfocus.com/archive/1/484886/100/0/threaded
http://www.securityfocus.com/bid/26826
https://exchange.xforce.ibmcloud.com/vulnerabilities/38996

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:meridian_software:prolog_manager:7.0:::::::*
	cpe:2.3:a:meridian_software:prolog_manager:7.5:::::::*
	cpe:2.3:a:meridian_software:prolog_manager:2007:::::::*

History

21 Nov 2024, 00:39

Type	Values Removed	Values Added
References	~~() http://osvdb.org/42634 -~~	() http://osvdb.org/42634 -
References	~~() http://secunia.com/advisories/28065 -~~	() http://secunia.com/advisories/28065 -
References	~~() http://www.kb.cert.org/vuls/id/120593 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/120593 - US Government Resource
References	~~() http://www.kb.cert.org/vuls/id/MIMG-77FL3T -~~	() http://www.kb.cert.org/vuls/id/MIMG-77FL3T -
References	~~() http://www.securityfocus.com/archive/1/484886/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/484886/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/26826 -~~	() http://www.securityfocus.com/bid/26826 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/38996 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/38996 -

Information

Published : 2007-12-13 19:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-6330

Mitre link : CVE-2007-6330

CVE.ORG link : CVE-2007-6330

JSON object : View

Products Affected

meridian_software

prolog_manager

CWE

NVD-CWE-Other

10.0 /10