CVE Vulnerabilities

CVE-2005-3429

Published: Nov 02, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Affected Software

Name Vendor Start Version End Version
Mailsite_express Rockliffe * 6.1.21 (including)
Mailsite_express Rockliffe 6.1.20 (including) 6.1.20 (including)

References