Vulnerabilities > CVE-2002-0487 - Unspecified vulnerability in Workforceroi Xpede 4.1/7.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

workforceroi

NVD

Published: 2002-08-12

Updated: 2024-11-20

Summary

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Vulnerable Configurations

Part	Description	Count
Application	Workforceroi Workforceroi Xpede 4.1 Workforceroi Xpede 7.0	2

References

http://www.iss.net/security_center/static/8612.php
http://www.iss.net/security_center/static/8612.php
http://www.securityfocus.com/archive/1/263485
http://www.securityfocus.com/archive/1/263485
http://www.securityfocus.com/bid/4346
http://www.securityfocus.com/bid/4346