PT-2014-3186 · Ibm · Ibm Sametime

Publicado

2014-02-13

Atualizado

2017-08-29

CVE-2013-6742

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Sametime versions 8.5.2 through 8.5.2.1 IBM Sametime versions 9.x through 9.0.0.1

Description The issue allows remote attackers to obtain access by leveraging an unattended workstation, due to the lack of an off autocomplete attribute for a password field in the Meeting Server.

Recommendations For IBM Sametime versions 8.5.2 through 8.5.2.1, consider adding an off autocomplete attribute for the password field to prevent attackers from obtaining access. For IBM Sametime versions 9.x through 9.0.0.1, consider adding an off autocomplete attribute for the password field to prevent attackers from obtaining access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-6742

Produtos afetados

Ibm Sametime

PT-2014-3186 · Ibm · Ibm Sametime

CVE-2013-6742

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3