CVE-2004-2049

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/10794
http://secunia.com/advisories/12154
http://www.osvdb.org/8247
http://securitytracker.com/id?1010770
http://marc.info/?l=bugtraq&m=109068491801021&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16795

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:esesix:thintune_m:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_mobile:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_s:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_xm:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_xs:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_extreme:2.4.38:::::::*
	cpe:2.3:h:esesix:thintune_l:2.4.38:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2049

Mitre link : CVE-2004-2049

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

esesix

thintune_mobile
thintune_l
thintune_s
thintune_xs
thintune_extreme
thintune_xm
thintune_m

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/10794", "name": "10794", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12154", "name": "12154", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/8247", "name": "8247", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1010770", "name": "1010770", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=109068491801021&w=2", "name": "20040724 eSeSIX Thintune thin client multiple vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16795", "name": "thintune-plaintext-passwords(16795)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2049", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:esesix:thintune_m:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_mobile:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_s:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_xm:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_xs:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_extreme:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:esesix:thintune_l:2.4.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}