Vulnerabilities > CVE-2002-0487 - Unspecified vulnerability in Workforceroi Xpede 4.1/7.0

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

workforceroi

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Vulnerable Configurations

Part	Description	Count
Application	Workforceroi Workforceroi Xpede 4.1 Workforceroi Xpede 7.0	2

References

http://www.iss.net/security_center/static/8612.php
http://www.securityfocus.com/archive/1/263485
http://www.securityfocus.com/bid/4346