Sign-up

ID

VAR-200505-1002


CVE

CVE-2005-1062


TITLE

[CAN-2005-1062] Management Protocol Allows Local Remote Password Cracking Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-018

DESCRIPTION

The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. Personal Firewall is prone to a remote security vulnerability

Trust: 1.26

sources: NVD: CVE-2005-1062 // BID: 90125 // VULHUB: VHN-12271

AFFECTED PRODUCTS

vendor:keriomodel:personal firewallscope:eqversion:4.0.10

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.8

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.5

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.4

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.3

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.2

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.7

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.6

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.1

Trust: 1.9

vendor:keriomodel:mailserverscope:eqversion:6.0.0

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.0.10

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.9

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.8

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.5

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.4

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.3

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.2

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.7

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.6

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.1

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.0

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.16

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.15

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.14

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.13

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.12

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.11

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.9

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.8

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.0.7

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.1.2

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.1.1

Trust: 1.3

vendor:keriomodel:personal firewallscope:eqversion:4.1.0

Trust: 1.3

sources: BID: 90125 // CNNVD: CNNVD-200505-018 // NVD: CVE-2005-1062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1062
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200505-018
value: HIGH

Trust: 0.6

VULHUB: VHN-12271
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-1062
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12271
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12271 // CNNVD: CNNVD-200505-018 // NVD: CVE-2005-1062

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-018

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200505-018

EXTERNAL IDS

db:NVDid:CVE-2005-1062

Trust: 2.0

db:CNNVDid:CNNVD-200505-018

Trust: 0.7

db:BUGTRAQid:20050429 [CAN-2005-1062] ADMINISTRATION PROTOCOL ABUSE ALLOWS LOCAL/REMOTE PASSWORD CRACKING

Trust: 0.6

db:BIDid:90125

Trust: 0.4

db:VULHUBid:VHN-12271

Trust: 0.1

sources: VULHUB: VHN-12271 // BID: 90125 // CNNVD: CNNVD-200505-018 // NVD: CVE-2005-1062

REFERENCES

url:http://research.tic.udc.es/scg/advisories/20050429-1.txt

Trust: 2.6

url:http://www.securityfocus.com/archive/1/397221

Trust: 2.0

url:http://www.kerio.com/security_advisory.html

Trust: 2.0

url: -

Trust: 0.1

sources: VULHUB: VHN-12271 // BID: 90125 // CNNVD: CNNVD-200505-018 // NVD: CVE-2005-1062

CREDITS

Unknown

Trust: 0.3

sources: BID: 90125

SOURCES

db:VULHUBid:VHN-12271
db:BIDid:90125
db:CNNVDid:CNNVD-200505-018
db:NVDid:CVE-2005-1062

LAST UPDATE DATE

2024-08-14T14:00:36.713000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-12271date:2011-03-08T00:00:00
db:BIDid:90125date:2005-05-02T00:00:00
db:CNNVDid:CNNVD-200505-018date:2006-09-27T00:00:00
db:NVDid:CVE-2005-1062date:2011-03-08T02:21:01.907

SOURCES RELEASE DATE

db:VULHUBid:VHN-12271date:2005-05-02T00:00:00
db:BIDid:90125date:2005-05-02T00:00:00
db:CNNVDid:CNNVD-200505-018date:2005-05-02T00:00:00
db:NVDid:CVE-2005-1062date:2005-05-02T04:00:00