5

CVE-2011-0436

EPSS 0.78%
Veröffentlicht 07.03.2011 21:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gplhost ≫ Domain Technologie Control Version <= 0.32.8

Gplhost ≫ Domain Technologie Control Version0.24.6

Gplhost ≫ Domain Technologie Control Version0.25.1

Gplhost ≫ Domain Technologie Control Version0.25.2

Gplhost ≫ Domain Technologie Control Version0.25.3

Gplhost ≫ Domain Technologie Control Version0.26.7

Gplhost ≫ Domain Technologie Control Version0.26.8

Gplhost ≫ Domain Technologie Control Version0.26.9

Gplhost ≫ Domain Technologie Control Version0.27.3

Gplhost ≫ Domain Technologie Control Version0.28.2

Gplhost ≫ Domain Technologie Control Version0.28.3

Gplhost ≫ Domain Technologie Control Version0.28.4

Gplhost ≫ Domain Technologie Control Version0.28.6

Gplhost ≫ Domain Technologie Control Version0.28.9

Gplhost ≫ Domain Technologie Control Version0.28.10

Gplhost ≫ Domain Technologie Control Version0.29.1

Gplhost ≫ Domain Technologie Control Version0.29.6

Gplhost ≫ Domain Technologie Control Version0.29.8

Gplhost ≫ Domain Technologie Control Version0.29.10

Gplhost ≫ Domain Technologie Control Version0.29.14

Gplhost ≫ Domain Technologie Control Version0.29.15

Gplhost ≫ Domain Technologie Control Version0.29.16

Gplhost ≫ Domain Technologie Control Version0.29.17

Gplhost ≫ Domain Technologie Control Version0.30.6

Gplhost ≫ Domain Technologie Control Version0.30.8

Gplhost ≫ Domain Technologie Control Version0.30.10

Gplhost ≫ Domain Technologie Control Version0.30.18

Gplhost ≫ Domain Technologie Control Version0.30.20

Gplhost ≫ Domain Technologie Control Version0.32.1

Gplhost ≫ Domain Technologie Control Version0.32.2

Gplhost ≫ Domain Technologie Control Version0.32.3

Gplhost ≫ Domain Technologie Control Version0.32.4

Gplhost ≫ Domain Technologie Control Version0.32.5

Gplhost ≫ Domain Technologie Control Version0.32.6

Gplhost ≫ Domain Technologie Control Version0.32.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.78%	0.714

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog

http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog

http://secunia.com/advisories/43523

Vendor Advisory

http://www.debian.org/security/2011/dsa-2179

http://www.gplhost.sg/lists/dtcannounce/msg00025.html

Patch

http://www.vupen.com/english/advisories/2011/0556

Vendor Advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee0552a944dd3109f3cb0

http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc05394568ab9599499285

http://openwall.com/lists/oss-security/2011/02/22/1

https://exchange.xforce.ibmcloud.com/vulnerabilities/65898

https://nvd.nist.gov/vuln/detail/CVE-2011-0436

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-0436

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-0436

EUVD