Lucene search

[email protected]CVE-2002-0343

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0343

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0343

hotline client 1.8.5

plaintext storage

local user access

password extraction

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords.

Affected configurations

NVD

Node

hotline_communicationshotline_connectMatch1.8.5

CPENameOperatorVersion
hotline_communications:hotline_connecthotline communications hotline connecteq1.8.5

CPE	Name	Operator	Version
hotline_communications:hotline_connect	hotline communications hotline connect	eq	1.8.5

References

marc.info/?l=bugtraq&m=101495128121299&w=2

www.iss.net/security_center/static/8327.php

www.securityfocus.com/bid/4210

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2002-0343

cvelist1 nvd1