CVE-2006-1788

Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/secunia_research/2005-68/advisory/	Vendor Advisory
http://www.adobe.com/support/techdocs/331917.html	Patch Vendor Advisory
http://secunia.com/advisories/15924	Vendor Advisory
http://www.securityfocus.com/bid/17500
http://www.vupen.com/english/advisories/2006/1342
https://exchange.xforce.ibmcloud.com/vulnerabilities/25772
http://www.securityfocus.com/archive/1/430869/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:document_server:6.0:*:reader_extensions:*:*:*:*:*

Information

Published : 2006-04-13 15:02

Updated : 2018-10-18 09:36

NVD link : CVE-2006-1788

Mitre link : CVE-2006-1788

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

adobe

document_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2005-68/advisory/", "name": "http://secunia.com/secunia_research/2005-68/advisory/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.adobe.com/support/techdocs/331917.html", "name": "http://www.adobe.com/support/techdocs/331917.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/15924", "name": "15924", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17500", "name": "17500", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/1342", "name": "ADV-2006-1342", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25772", "name": "adobe-error-account-enumeration(25772)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded", "name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1788", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-04-13T22:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:document_server:6.0:*:reader_extensions:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:36Z"}