PT-2005-3367 · Kayako · Kayako Liveresponse

James Bercegay · Published 2005-12-31 · Updated 2016-10-18 · CVE-2005-2462

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kayako liveResponse versions 2.x

Description

The issue allows local users and possibly remote attackers to gain privileges by exploiting the fact that passwords are recorded in plaintext in the URL when a user logs in.

Recommendations

For Kayako liveResponse versions 2.x, consider disabling the login functionality until a fix is available to prevent passwords from being recorded in plaintext. Restrict access to the login module to minimize the risk of exploitation. Avoid using the password parameter in the affected login endpoint until the issue is resolved.

Fix


Related Identifiers

CVE-2005-2462

Affected Products

Kayako Liveresponse