CVE-2003-1439

Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/309775	Exploit
http://www.securityfocus.com/bid/6743
https://exchange.xforce.ibmcloud.com/vulnerabilities/11244
http://www.securityfocus.com/archive/1/309941/30/26090/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:::::::*
	cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2018-10-19 08:29

NVD link : CVE-2003-1439

Mitre link : CVE-2003-1439

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

silc

secure_internet_live_conferencing

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/309775", "name": "20030201 silc question - insecure memory", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/6743", "name": "6743", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11244", "name": "silc-plaintext-account-information(11244)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/309941/30/26090/threaded", "name": "20030201 Re: silc question - insecure memory", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1439", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:29Z"}

4.3 /10