Vulnerabilities > CVE-2006-5965 - Local Insecure Default Directory Permisions vulnerability in Passgo SSO Plus 2.1.0.32
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://secunia.com/advisories/22301
- http://secunia.com/secunia_research/2006-68/advisory
- http://securitytracker.com/id?1017272
- http://www.securityfocus.com/archive/1/452325/100/0/threaded
- http://www.securityfocus.com/bid/21244
- http://www.vupen.com/english/advisories/2006/4660
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30475