Vulnerabilities > CVE-2008-7255 - Credentials Management vulnerability in Amsn

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

amsn

CWE-255

NVD

Published: 2010-04-20

Updated: 2010-06-03

Summary

login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation.

Vulnerable Configurations

Part	Description	Count
Application	Amsn Amsn Amsn 0.83 Amsn Amsn 0.90 Amsn Amsn 0.91 Amsn Amsn 0.92 Amsn Amsn 0.93 Amsn Amsn 0.94 Amsn Amsn 0.95 Amsn Amsn 0.96 Amsn Amsn *	9

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/login_screen.tcl?r1=9960&r2=10259&pathrev=10259
http://sourceforge.net/project/shownotes.php?release_id=610067
http://www.amsn-project.net/forums/index.php?topic=5317.0