Vulnerability Description
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Workforceroi | Xpede | 4.1 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8902.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4553PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.htmlPatchVendor Advisory
- http://www.iss.net/security_center/static/8902.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4553PatchVendor Advisory
FAQ
What is CVE-2002-0580?
CVE-2002-0580 is a vulnerability with a CVSS score of 7.5 (HIGH). WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute ...
How severe is CVE-2002-0580?
CVE-2002-0580 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0580?
Check the references section above for vendor advisories and patch information. Affected products include: Workforceroi Xpede.