{"api_version":"1","generated_at":"2026-05-15T15:45:10+00:00","cve":"CVE-2006-1829","urls":{"html":"https://cve.report/CVE-2006-1829","api":"https://cve.report/api/cve/CVE-2006-1829.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1829","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1829"},"summary":{"title":"CVE-2006-1829","description":"EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-04-19 16:06:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.sybase.com/detail?id=1040117","name":"http://www.sybase.com/detail?id=1040117","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Access Denied","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1344","name":"http://www.vupen.com/english/advisories/2006/1344","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015913","name":"http://securitytracker.com/id?1015913","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sybase EAServer Manager May Disclose Passwords to Remote Authenticated Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19605","name":"http://secunia.com/advisories/19605","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sybase EAServer Sybase Central Exposure of User Credentials - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/17508","name":"http://www.securityfocus.com/bid/17508","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25777","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25777","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1829","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1829","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"easerver","cpe6":"5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1829","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"easerver","cpe6":"5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1829","cve":"CVE-2006-1829","epss":"0.004200000","percentile":"0.619910000","score_date":"2026-04-20","updated_at":"2026-04-21 00:07:48"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T17:27:29.383Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"easerver-password-disclosure(25777)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25777"},{"name":"17508","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17508"},{"name":"19605","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19605"},{"name":"ADV-2006-1344","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1344"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.sybase.com/detail?id=1040117"},{"name":"1015913","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015913"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-04-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-19T15:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"easerver-password-disclosure(25777)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25777"},{"name":"17508","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17508"},{"name":"19605","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19605"},{"name":"ADV-2006-1344","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1344"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.sybase.com/detail?id=1040117"},{"name":"1015913","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015913"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-1829","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"easerver-password-disclosure(25777)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25777"},{"name":"17508","refsource":"BID","url":"http://www.securityfocus.com/bid/17508"},{"name":"19605","refsource":"SECUNIA","url":"http://secunia.com/advisories/19605"},{"name":"ADV-2006-1344","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1344"},{"name":"http://www.sybase.com/detail?id=1040117","refsource":"CONFIRM","url":"http://www.sybase.com/detail?id=1040117"},{"name":"1015913","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015913"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-1829","datePublished":"2006-04-19T16:00:00.000Z","dateReserved":"2006-04-19T00:00:00.000Z","dateUpdated":"2024-08-07T17:27:29.383Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-04-19 16:06:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:easerver:5.2:*:*:*:*:*:*:*","matchCriteriaId":"BF9C6A53-8D65-4B4D-88A4-2F43D0823B7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:easerver:5.3:*:*:*:*:*:*:*","matchCriteriaId":"A7920CE9-8B9D-46BB-AEBC-7C129CB3C8BC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1829","Ordinal":"1","Title":"CVE-2006-1829","CVE":"CVE-2006-1829","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1829","Ordinal":"1","NoteData":"EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.","Type":"Description","Title":"CVE-2006-1829"},{"CveYear":"2006","CveId":"1829","Ordinal":"2","NoteData":"2006-04-19","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1829","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}