Sign-up

ID

VAR-201310-0621


CVE

CVE-2013-6246


TITLE

Dell Quest One Password Manager Vulnerabilities in which capture protection is bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2013-004888

DESCRIPTION

The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. DELL Quest One Password Manager is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of the application to perform unauthorized actions; this may aid in launching further attacks. The software allows end users to reset forgotten passwords and unlock accounts, and supports the enforcement of secure data access policies

Trust: 1.98

sources: NVD: CVE-2013-6246 // JVNDB: JVNDB-2013-004888 // BID: 63259 // VULHUB: VHN-66248

AFFECTED PRODUCTS

vendor:dellmodel:quest one password managerscope:eqversion:5.0

Trust: 2.4

sources: JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6246
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6246
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-604
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6246
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66248
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66248 // JVNDB: JVNDB-2013-004888 // CNNVD: CNNVD-201310-604 // NVD: CVE-2013-6246

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66248 // JVNDB: JVNDB-2013-004888 // NVD: CVE-2013-6246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-604

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-604

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004888

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-66248

PATCH
title:Quest One Password Manager - 製品別サポートurl:https://support.questsoftware.jp/productinformation.aspx?pr=268439492&pv=4294947956
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004888

EXTERNAL IDS
db:NVDid:CVE-2013-6246
Trust: 2.8
db:BIDid:63259
Trust: 2.0
db:PACKETSTORMid:123703
Trust: 1.7
db:JVNDBid:JVNDB-2013-004888
Trust: 0.8
db:CNNVDid:CNNVD-201310-604
Trust: 0.7
db:EXPLOIT-DBid:38812
Trust: 0.1
db:VULHUBid:VHN-66248
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66248 // 
            
            
            
            BID: 63259 // 
            
            
            
            JVNDB: JVNDB-2013-004888 // 
            
            
            
            CNNVD: CNNVD-201310-604 // 
            
            
            
            NVD: CVE-2013-6246

REFERENCES
url:http://www.securityfocus.com/bid/63259
Trust: 1.7
url:http://packetstormsecurity.com/files/123703/quest-captcha.txt
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6246
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6246
Trust: 0.8
sources:
            
            
            VULHUB: VHN-66248 // 
            
            
            
            JVNDB: JVNDB-2013-004888 // 
            
            
            
            CNNVD: CNNVD-201310-604 // 
            
            
            
            NVD: CVE-2013-6246

CREDITS
Johnny Bravo
Trust: 0.3
sources:
            
            
            BID: 63259

SOURCES
db:VULHUBid:VHN-66248
db:BIDid:63259
db:JVNDBid:JVNDB-2013-004888
db:CNNVDid:CNNVD-201310-604
db:NVDid:CVE-2013-6246

LAST UPDATE DATE
2024-08-14T15:35:08.568000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66248date:2013-10-24T00:00:00
db:BIDid:63259date:2013-10-25T00:12:00
db:JVNDBid:JVNDB-2013-004888date:2013-10-28T00:00:00
db:CNNVDid:CNNVD-201310-604date:2013-10-25T00:00:00
db:NVDid:CVE-2013-6246date:2013-10-24T16:18:11.237

SOURCES RELEASE DATE
db:VULHUBid:VHN-66248date:2013-10-24T00:00:00
db:BIDid:63259date:2013-10-21T00:00:00
db:JVNDBid:JVNDB-2013-004888date:2013-10-28T00:00:00
db:CNNVDid:CNNVD-201310-604date:2013-10-25T00:00:00
db:NVDid:CVE-2013-6246date:2013-10-24T03:48:52.643