Lucene search

MitreCVE-2005-0131

HistoryApr 14, 2005 - 4:00 a.m.

CVE-2005-0131

2005-04-1404:00:00

mitre

web.nvd.nist.gov

cve-2005-0131

konversation 0.15

quick connection dialog

irc server

security vulnerability

password leak

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.019

Percentile

88.7%

JSON

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.

Affected configurations

Nvd

Node

berlioskonversationMatch0.15

VendorProductVersionCPE
berlioskonversation0.15cpe:2.3:a:berlios:konversation:0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
berlios	konversation	0.15	cpe:2.3:a:berlios:konversation:0.15:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html

marc.info/?l=bugtraq&m=110626383310742&w=2

secunia.com/advisories/13919

secunia.com/advisories/13989

securitytracker.com/id?1012972

www.gentoo.org/security/en/glsa/glsa-200501-34.xml

www.kde.org/info/security/advisory-20050121-1.txt

www.securityfocus.com/bid/12312

exchange.xforce.ibmcloud.com/vulnerabilities/19038

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.019

Percentile

88.7%

JSON

Related for CVE-2005-0131