Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
BID:17508
Info
Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
| Bugtraq ID: | 17508 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Apr 13 2006 10:07PM |
| Credit: | Announced by the vendor. |
| Vulnerable: |
Sybase Enterprise Application Server 5.2 Sybase Enterprise Application Server 5.3 |
| Not Vulnerable: | |
Discussion
Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
Sybase Server Manager may expose passwords through the connection cache. A guest user could exploit this vulnerability to view another user's password.
EAServer 5.2 and 5.3 as well as products that embed these versions are vulnerable.
Sybase Server Manager may expose passwords through the connection cache. A guest user could exploit this vulnerability to view another user's password.
EAServer 5.2 and 5.3 as well as products that embed these versions are vulnerable.
Exploit / POC
Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
Exploit code is not required.
Exploit code is not required.
Solution / Fix
Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
Solution:
Fixes are available. Contact the vendor for further information.
Solution:
Fixes are available. Contact the vendor for further information.
References
Sybase EAServer Manager Connection Cache Password Disclosure Vulnerability
References:
References: