Web Dictate Admin Null Password Vulnerability

2006.09.08

Credit: Revnic Vasile

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-4603

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Web Dictate Admin Null Password Vulnerability
Software: Web Dictate
Version: 1.02
Website: http://nchsoftware.com/
Description:
Web Dictate is a dictation system that lets you record, edit and manage dictation over the internet. You, and other users, log into a server running Web Dictate to record dictation with any ordinary web browser.
Vulnerability:
After assigning a password for the Admin account, it is possible to login as Admin with a null password.
Credit:
Discovered by Revnic Vasile

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Web Dictate Admin Null Password Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.