Vulnerability Description
Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Castelle | Faxpress | 6.3 |
References
- http://online.securityfocus.com/archive/1/254168PatchVendor Advisory
- http://www.iss.net/security_center/static/8086.phpVendor Advisory
- http://www.securityfocus.com/bid/4030Vendor Advisory
- http://online.securityfocus.com/archive/1/254168PatchVendor Advisory
- http://www.iss.net/security_center/static/8086.phpVendor Advisory
- http://www.securityfocus.com/bid/4030Vendor Advisory
FAQ
What is CVE-2002-0235?
CVE-2002-0235 is a vulnerability with a CVSS score of 7.5 (HIGH). Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes ...
How severe is CVE-2002-0235?
CVE-2002-0235 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0235?
Check the references section above for vendor advisories and patch information. Affected products include: Castelle Faxpress.