Back to search
CVE-2007-6330
Published: Dec 13, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42634
vdb-entry
x_refsource_OSVDB
20071211 Meridian Prolog Manager Username and Plain Text Password Disclosure
mailing-list
x_refsource_BUGTRAQ
26826
vdb-entry
x_refsource_BID
VU#120593
third-party-advisory
x_refsource_CERT-VN
http://www.kb.cert.org/vuls/id/MIMG-77FL3T
x_refsource_CONFIRM
prologmanager-password-disclosure(38996)
vdb-entry
x_refsource_XF
28065
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now