Vulnerabilities > CVE-2007-6330 - Information Disclosure vulnerability in Meridian Software Prolog Manager 2007/7.0/7.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |