Details of VAR-200607-0137

ID

VAR-200607-0137

CVE

CVE-2006-3398

TITLE

Taskjitsu form field password hash sensitive information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-5044 // CNNVD: CNNVD-200607-076

DESCRIPTION

The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. Taskjitsu is prone to multiple information disclosure vulnerabilities

Trust: 1.71

sources: NVD: CVE-2006-3398 // CNVD: CNVD-2006-5044 // BID: 81681

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-5044

AFFECTED PRODUCTS

vendor:	pkr internet	model:	taskjitsu	scope:	eq	version:	0.1	Trust: 1.6
vendor:	pkr internet	model:	taskjitsu	scope:	eq	version:	2.0	Trust: 1.6
vendor:	speedstream	model:	wireless router siemens	scope:	eq	version:	2624	Trust: 0.6
vendor:	pkr	model:	internet taskjitsu	scope:	eq	version:	2.0	Trust: 0.3
vendor:	pkr	model:	internet taskjitsu	scope:	eq	version:	0.1	Trust: 0.3

sources: CNVD: CNVD-2006-5044 // BID: 81681 // CNNVD: CNNVD-200607-076 // NVD: CVE-2006-3398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3398
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2006-5044
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200607-076
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-3398
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-5044
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2006-5044 // CNNVD: CNNVD-200607-076 // NVD: CVE-2006-3398

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-076

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200607-076

EXTERNAL IDS

db:	NVD	id:	CVE-2006-3398	Trust: 2.5
db:	VUPEN	id:	ADV-2006-2660	Trust: 2.2
db:	CNVD	id:	CNVD-2006-5044	Trust: 0.6
db:	CNNVD	id:	CNNVD-200607-076	Trust: 0.6
db:	BID	id:	81681	Trust: 0.3

sources: CNVD: CNVD-2006-5044 // BID: 81681 // CNNVD: CNNVD-200607-076 // NVD: CVE-2006-3398

REFERENCES

url:	http://www.pkrinternet.com/download/release-notes.txt	Trust: 1.9
url:	https://www.pkrinternet.com/taskjitsu/task/3400	Trust: 1.9
url:	http://www.vupen.com/english/advisories/2006/2660	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2006/2660	Trust: 0.6

sources: CNVD: CNVD-2006-5044 // BID: 81681 // CNNVD: CNNVD-200607-076 // NVD: CVE-2006-3398

CREDITS

Unknown

Trust: 0.3

sources: BID: 81681

SOURCES

db:	CNVD	id:	CNVD-2006-5044
db:	BID	id:	81681
db:	CNNVD	id:	CNNVD-200607-076
db:	NVD	id:	CVE-2006-3398

LAST UPDATE DATE

2024-08-14T14:53:35.651000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-5044	date:	2006-07-03T00:00:00
db:	BID	id:	81681	date:	2006-07-06T00:00:00
db:	CNNVD	id:	CNNVD-200607-076	date:	2006-07-21T00:00:00
db:	NVD	id:	CVE-2006-3398	date:	2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-5044	date:	2006-07-03T00:00:00
db:	BID	id:	81681	date:	2006-07-06T00:00:00
db:	CNNVD	id:	CNNVD-200607-076	date:	2006-07-06T00:00:00
db:	NVD	id:	CVE-2006-3398	date:	2006-07-06T20:05:00