Vulnerabilities > CVE-2005-0296 - Unspecified vulnerability in Novell Groupwise and Groupwise Webaccess

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

novell

nessus

NVD

Published: 2005-01-17

Updated: 2024-11-20

Summary

NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Groupwise 6.0 Novell Groupwise 6.5 Novell Groupwise Webaccess 6.5 Novell Groupwise Webaccess 6.0	12

Nessus

NASL family	CGI abuses
NASL id	GROUPWISE_AUTH_BYPASS.NASL
description	The remote host is running Novell GroupWise WebAccess, a commercial groupware package. The remote version of this software is prone to an authentication bypass attack. An attacker requesting : /servlet/webacc?error=webacc may bypass the authentication mechanism and gain access to the groupware console.
last seen	2020-06-01
modified	2020-06-02
plugin id	16183
published	2005-01-17
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16183
title	Novell GroupWise WebAccess Error Handler Authentication Bypass

Summary

Vulnerable Configurations

Nessus

References