1.1.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

linux

microsoft

unix

invision-power-services

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel *	1
OS	Microsoft Microsoft ALL Windows *	1
OS	Unix Unix Unix *	1
Application	Invision_Power_Services Invision Power Services Invision Board 1.0 Invision Power Services Invision Board 1.0.1 Invision Power Services Invision Board 1.1.1	3

References

http://securityreason.com/securityalert/3276
http://www.securityfocus.com/archive/1/319747
http://www.securityfocus.com/bid/7440
https://exchange.xforce.ibmcloud.com/vulnerabilities/11871