Vulnerability CVE-2005-2444


Published: 2005-08-03   Modified: 2012-02-12

Description:
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Cerulean studios -> Trillian pro 

 References:
http://xforce.iss.net/xforce/xfdb/21667
http://secunia.com/advisories/16289
http://marc.theaimsgroup.com/?l=bugtraq&m=112274667603628&w=2

Copyright 2024, cxsecurity.com

 

Back to Top