Bug: Web Dictate Admin Null Password Vulnerability ( Ascii Version )

Search:
WLB2

Web Dictate Admin Null Password Vulnerability

Published
Credit
Risk
2006.09.08
Revnic Vasile
High
CWE
CVE
Local
Remote
N/A
CVE-2006-4603
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

Web Dictate Admin Null Password Vulnerability

Software: Web Dictate

Version: 1.02

Website: http://nchsoftware.com/

Description:

Web Dictate is a dictation system that lets you record, edit and manage dictation over the internet. You, and other
users, log into a server running Web Dictate to record dictation with any ordinary web browser.

Vulnerability:

After assigning a password for the Admin account, it is possible to login as Admin with a null password.

Credit:

Discovered by Revnic Vasile

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version