Vulnerability CVE-2006-2539
Published: 2006-05-22   Modified: 2012-02-12

Description:
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.

CVSS2 => (AV:L/AC:H/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.5/10
6.4/10
1.5/10
Exploit range
Attack complexity
Authentication
Local
High
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Sybase -> Easerver 

 References:
http://www.sybase.com/detail?id=1040665
http://www.securityfocus.com/bid/18036
http://secunia.com/advisories/20145
http://xforce.iss.net/xforce/xfdb/26567
http://www.vupen.com/english/advisories/2006/1869
Copyright 2024, cxsecurity.com

 

Back to Top