PT-2005-4225 · Rockliffe · Rockliffe Mailsite Express

Paul Craig · Published 2005-11-02 · Updated 2017-07-11 · CVE-2005-3429

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the vulnerable software and affected versions: Rockliffe MailSite Express versions prior to 6.1.22

Description: When the option to save login information is enabled, MailSite Express stores the user's password in plaintext in a cookie. Local users can therefore obtain passwords by reading the cookie file, and remote attackers can obtain the cookies through cross-site scripting (XSS) vulnerabilities.

Recommendations: For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue. As a temporary workaround, consider disabling the option to save login information so that passwords are not written to cookies in plaintext. Restrict access to the cookie file to minimize the risk of local users obtaining passwords. Avoid using the password variable in cookie files until the issue is resolved.

Exploit

Fix


Related identifiers

CVE-2005-3429

Affected products

Rockliffe Mailsite Express