Vulnerabilities > CVE-2004-0939 - Unspecified vulnerability in Neoteris Instant Virtual Extranet
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://marc.info/?l=bugtraq&m=109709990708794&w=2
- http://marc.info/?l=bugtraq&m=109709990708794&w=2
- http://secunia.com/advisories/12752
- http://secunia.com/advisories/12752
- http://securitytracker.com/id?1011552
- http://securitytracker.com/id?1011552
- http://www.gosecure.ca/SecInfo/gosecure-2004-10.txt
- http://www.gosecure.ca/SecInfo/gosecure-2004-10.txt
- http://www.osvdb.org/8365
- http://www.osvdb.org/8365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17629
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17629