CVE-2006-3858

medium

Description

IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/28132

http://www.vupen.com/english/advisories/2006/3077

http://www.securityfocus.com/bid/19264

http://www.securityfocus.com/archive/1/443195/100/0/threaded

http://www.securityfocus.com/archive/1/443133/100/0/threaded

http://www.osvdb.org/27691

http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

http://secunia.com/advisories/21301

Details

Source: Mitre, NVD

Published: 2006-08-08

Updated: 2018-10-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics