Vulnerability Description
Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockliffe | Mailsite Express | <= 6.1.21 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://securitytracker.com/id?1015117
- http://www.osvdb.org/22682
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_VulnerabExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22906
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlExploitPatch
- http://marc.info/?l=bugtraq&m=113053680631151&w=2
- http://securitytracker.com/id?1015117
- http://www.osvdb.org/22682
- http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_VulnerabExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22906
FAQ
What is CVE-2005-3429?
CVE-2005-3429 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the c...
How severe is CVE-2005-3429?
CVE-2005-3429 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3429?
Check the references section above for vendor advisories and patch information. Affected products include: Rockliffe Mailsite Express.