Vulnerability Description
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pkr Internet | Taskjitsu | 0.1 |
References
- http://www.pkrinternet.com/download/RELEASE-NOTES.txtURL Repurposed
- http://www.vupen.com/english/advisories/2006/2660
- https://www.pkrinternet.com/taskjitsu/task/3400URL Repurposed
- http://www.pkrinternet.com/download/RELEASE-NOTES.txtURL Repurposed
- http://www.vupen.com/english/advisories/2006/2660
- https://www.pkrinternet.com/taskjitsu/task/3400URL Repurposed
FAQ
What is CVE-2006-3398?
CVE-2006-3398 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2)...
How severe is CVE-2006-3398?
CVE-2006-3398 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3398?
Check the references section above for vendor advisories and patch information. Affected products include: Pkr Internet Taskjitsu.