Lucene search

[email protected]CVE-2005-0844

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0844

2005-05-0204:00:00

CWE-310

[email protected]

web.nvd.nist.gov

nortel

vpn client

cleartext password

vulnerability

extranet.exe

sensitive information

cve-2005-0844

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

Affected configurations

NVD

Node

nortelcontivityMatch5.01

CPENameOperatorVersion
nortel:contivitynortel contivityeq5.01

CPE	Name	Operator	Version
nortel:contivity	nortel contivity	eq	5.01

References

marc.info/?l=bugtraq&m=111151589203707&w=2

securitytracker.com/id?1013512

www.nta-monitor.com/news/vpn-flaws/nortel/nortel-client/

exchange.xforce.ibmcloud.com/vulnerabilities/19791

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-0844

nvd1 cvelist1