EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Easerver | Sybase | 5.2 (including) | 5.2 (including) |
| Easerver | Sybase | 5.3 (including) | 5.3 (including) |
References
- http://secunia.com/advisories/19605
- http://securitytracker.com/id?1015913
- http://www.securityfocus.com/bid/17508
- http://www.sybase.com/detail?id=1040117
- http://www.vupen.com/english/advisories/2006/1344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25777
- http://secunia.com/advisories/19605
- http://securitytracker.com/id?1015913
- http://www.securityfocus.com/bid/17508
- http://www.sybase.com/detail?id=1040117
- http://www.vupen.com/english/advisories/2006/1344
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25777