0.9.12

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

silc

CWE-255

NVD

Published: 2003-12-31

Updated: 2018-10-19

Summary

Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Silc Silc Secure Internet Live Conferencing 0.9.11 Silc Secure Internet Live Conferencing 0.9.12	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securityfocus.com/archive/1/309775
http://www.securityfocus.com/archive/1/309941/30/26090/threaded
http://www.securityfocus.com/bid/6743
https://exchange.xforce.ibmcloud.com/vulnerabilities/11244