Sign-up

ID

VAR-200505-0417


CVE

CVE-2005-0844


TITLE

Nortel VPN Client Password leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-742

DESCRIPTION

Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. Credentials that are harvested through the exploitation of this weakness may then be used to aid in further attacks. This weakness is reported to affect Nortel Contivity VPN Client version 5.01 for Microsoft Windows, versions for the Linux platform are not reported to be vulnerable. Other versions might also be affected

Trust: 1.26

sources: NVD: CVE-2005-0844 // BID: 12871 // VULHUB: VHN-12053

AFFECTED PRODUCTS

vendor:nortelmodel:contivityscope:eqversion:5.01

Trust: 1.6

vendor:nortelmodel:networks contivity vpn client 1 030scope:eqversion:5.0

Trust: 0.3

sources: BID: 12871 // CNNVD: CNNVD-200505-742 // NVD: CVE-2005-0844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0844
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-742
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12053
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0844
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12053
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12053 // CNNVD: CNNVD-200505-742 // NVD: CVE-2005-0844

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

sources: VULHUB: VHN-12053 // NVD: CVE-2005-0844

THREAT TYPE

local

Trust: 0.9

sources: BID: 12871 // CNNVD: CNNVD-200505-742

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200505-742

EXTERNAL IDS

db:NVDid:CVE-2005-0844

Trust: 2.0

db:SECTRACKid:1013512

Trust: 1.7

db:CNNVDid:CNNVD-200505-742

Trust: 0.7

db:XFid:19791

Trust: 0.6

db:BUGTRAQid:20050322 NORTEL VPN CLIENT ISSUE: CLEAR-TEXT PASSWORD STORED IN MEMORY

Trust: 0.6

db:BIDid:12871

Trust: 0.4

db:VULHUBid:VHN-12053

Trust: 0.1

sources: VULHUB: VHN-12053 // BID: 12871 // CNNVD: CNNVD-200505-742 // NVD: CVE-2005-0844

REFERENCES

url:http://www.nta-monitor.com/news/vpn-flaws/nortel/nortel-client/

Trust: 1.7

url:http://securitytracker.com/id?1013512

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19791

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=111151589203707&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/19791

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111151589203707&w=2

Trust: 0.6

url:http://www.nortelnetworks.com/products/01/contivity/multi_os/

Trust: 0.3

url:/archive/1/393943

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=111151589203707&w=2

Trust: 0.1

sources: VULHUB: VHN-12053 // BID: 12871 // CNNVD: CNNVD-200505-742 // NVD: CVE-2005-0844

CREDITS

Roy Hills※ Roy.Hills@nta-monitor.com

Trust: 0.6

sources: CNNVD: CNNVD-200505-742

SOURCES

db:VULHUBid:VHN-12053
db:BIDid:12871
db:CNNVDid:CNNVD-200505-742
db:NVDid:CVE-2005-0844

LAST UPDATE DATE

2024-08-14T14:08:50.667000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-12053date:2017-07-11T00:00:00
db:BIDid:12871date:2009-07-12T10:56:00
db:CNNVDid:CNNVD-200505-742date:2006-08-30T00:00:00
db:NVDid:CVE-2005-0844date:2017-07-11T01:32:26.063

SOURCES RELEASE DATE

db:VULHUBid:VHN-12053date:2005-05-02T00:00:00
db:BIDid:12871date:2005-03-22T00:00:00
db:CNNVDid:CNNVD-200505-742date:2005-03-23T00:00:00
db:NVDid:CVE-2005-0844date:2005-05-02T04:00:00