CVE-2005-0486 — MEDIUM (5.0)

Vulnerability Description

Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tarantella	Secure Global Desktop	enterprise_3.42
Tarantella	Tarantella Enterprise	3.30

References

http://www.tarantella.com/security/bulletin-11.htmlPatchVendor AdvisoryURL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/19407
http://www.tarantella.com/security/bulletin-11.htmlPatchVendor AdvisoryURL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/19407

FAQ

What is CVE-2005-0486?

CVE-2005-0486 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive inform...

How severe is CVE-2005-0486?

CVE-2005-0486 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-0486?

Check the references section above for vendor advisories and patch information. Affected products include: Tarantella Secure Global Desktop, Tarantella Tarantella Enterprise.