Vulnerability Description
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Workforceroi | Xpede | 4.1 |
References
- http://www.iss.net/security_center/static/8612.phpVendor Advisory
- http://www.securityfocus.com/archive/1/263485Vendor Advisory
- http://www.securityfocus.com/bid/4346ExploitVendor Advisory
- http://www.iss.net/security_center/static/8612.phpVendor Advisory
- http://www.securityfocus.com/archive/1/263485Vendor Advisory
- http://www.securityfocus.com/bid/4346ExploitVendor Advisory
FAQ
What is CVE-2002-0487?
CVE-2002-0487 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by ...
How severe is CVE-2002-0487?
CVE-2002-0487 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0487?
Check the references section above for vendor advisories and patch information. Affected products include: Workforceroi Xpede.