CVE-2007-6330

Name of the Vulnerable Software and Affected Versions Meridian Prolog Manager versions 2007, 7.5 and earlier

Description The issue allows remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack, as it sends all usernames and passwords to the client in a cleartext or weakly encrypted format to support client-side login authentication.

Recommendations For Meridian Prolog Manager versions 2007, 7.5 and earlier, consider disabling client-side login authentication until a secure method for transmitting credentials is implemented. Restrict access to sensitive areas of the database to minimize the risk of exploitation. Avoid using weak encryption for transmitting usernames and passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.