CVE-2005-0486

Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.tarantella.com/security/bulletin-11.html	Patch Vendor Advisory URL Repurposed
https://exchange.xforce.ibmcloud.com/vulnerabilities/19407

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tarantella:secure_global_desktop:enterprise_3.42:::::::*
	cpe:2.3:a:tarantella:secure_global_desktop:enterprise_4.0:::::::*
	cpe:2.3:a:tarantella:tarantella_enterprise:3.30:::::::*
	cpe:2.3:a:tarantella:tarantella_enterprise:3.40:::::::*

History

No history.

Information

Published : 2005-03-30 05:00

Updated : 2024-02-14 01:17

NVD link : CVE-2005-0486

Mitre link : CVE-2005-0486

CVE.ORG link : CVE-2005-0486

JSON object : View

Products Affected

tarantella

tarantella_enterprise
secure_global_desktop

CWE

NVD-CWE-Other

{"id": "CVE-2005-0486", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-03-30T05:00:00.000", "references": [{"url": "http://www.tarantella.com/security/bulletin-11.html", "tags": ["Patch", "Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19407", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme."}, {"lang": "es", "value": "Tarantella Secure Global Desktop Enterprise Edition 4.00 y 3.42, y Tarantella Enterprise 3 3.40 y 3.30, cuando utiliza RSA SecurID y m\u00faltiples usuarios tienen el mismo nombre de usuario, revela informaci\u00f3n sensible durante el proceso de autenticaci\u00f3n, lo que permite a atacantes remotos identificar nombres de usuario v\u00e1lidos y el esquema de autenticaci\u00f3n."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tarantella:secure_global_desktop:enterprise_3.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49719C5-8A9A-42BB-9156-E7A40544394A"}, {"criteria": "cpe:2.3:a:tarantella:secure_global_desktop:enterprise_4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6834074-385B-4974-BAEF-3A9882485783"}, {"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBE573E8-DD94-4293-99AE-27B9067B3ED9"}, {"criteria": "cpe:2.3:a:tarantella:tarantella_enterprise:3.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D14413DA-5199-4282-9E22-D347E9D8E469"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}