ID

VAR-201310-0621


CVE

CVE-2013-6246


TITLE

Dell Quest One Password Manager CAPTCHA protection bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004888

DESCRIPTION

Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (the user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. Dell Quest One Password Manager is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of the application to perform unauthorized actions; this may aid in launching further attacks. Quest One Password Manager allows end users to reset forgotten passwords and unlock accounts, and supports the enforcement of secure data access policies.

Trust: 1.98

sources: NVD: CVE-2013-6246 // JVNDB: JVNDB-2013-004888 // BID: 63259 // VULHUB: VHN-66248

AFFECTED PRODUCTS

vendor: dell
model: quest one password manager
scope: eq
version: 5.0

Trust: 2.4

sources: JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6246
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6246
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-604
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6246
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66248
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66248 // JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-66248 // JVNDB: JVNDB-2013-004888 // NVD: CVE-2013-6246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-604

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-604

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004888

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66248

PATCH

title: Quest One Password Manager - Support by Product
url: https://support.questsoftware.jp/productinformation.aspx?pr=268439492&pv=4294947956

Trust: 0.8

sources: JVNDB: JVNDB-2013-004888

EXTERNAL IDS

db: NVD, id: CVE-2013-6246

Trust: 2.8

db: BID, id: 63259

Trust: 2.0

db: PACKETSTORM, id: 123703

Trust: 1.7

db: JVNDB, id: JVNDB-2013-004888

Trust: 0.8

db: CNNVD, id: CNNVD-201310-604

Trust: 0.7

db: EXPLOIT-DB, id: 38812

Trust: 0.1

db: VULHUB, id: VHN-66248

Trust: 0.1

sources: VULHUB: VHN-66248 // BID: 63259 // JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

REFERENCES

url:http://www.securityfocus.com/bid/63259

Trust: 1.7

url:http://packetstormsecurity.com/files/123703/quest-captcha.txt

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6246

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6246

Trust: 0.8

sources: VULHUB: VHN-66248 // JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

CREDITS

Johnny Bravo

Trust: 0.3

sources: BID: 63259

SOURCES

db: VULHUB, id: VHN-66248
db: BID, id: 63259
db: JVNDB, id: JVNDB-2013-004888
db: CNNVD, id: CNNVD-201310-604
db: NVD, id: CVE-2013-6246

LAST UPDATE DATE

2024-11-23T22:13:51.328000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-66248, date: 2013-10-24T00:00:00
db: BID, id: 63259, date: 2013-10-25T00:12:00
db: JVNDB, id: JVNDB-2013-004888, date: 2013-10-28T00:00:00
db: CNNVD, id: CNNVD-201310-604, date: 2013-10-25T00:00:00
db: NVD, id: CVE-2013-6246, date: 2024-11-21T01:58:55.320

SOURCES RELEASE DATE

db: VULHUB, id: VHN-66248, date: 2013-10-24T00:00:00
db: BID, id: 63259, date: 2013-10-21T00:00:00
db: JVNDB, id: JVNDB-2013-004888, date: 2013-10-28T00:00:00
db: CNNVD, id: CNNVD-201310-604, date: 2013-10-25T00:00:00
db: NVD, id: CVE-2013-6246, date: 2013-10-24T03:48:52.643