ID
VAR-200110-0143
TITLE
deltathree PC-to-Phone authentication information disclosure vulnerability
Trust: 0.6
DESCRIPTION
BUGTRAQ ID: 3475PC-to-Phone is an application that can use the IP phone service to implement the function of making calls from PC to phone or from PC to PC. It is maintained by iConnectHere and copyrighted by deltathree. The software was found to have a security issue that could lead to the disclosure of PC-to-Phone confidential authentication information. If a user is in a multi-user system and has read permissions to the "temp.html" file, it is possible to obtain the user account and password for the current login to the system from the file. This file is globally readable by default. & lt; * Source: Arthur Hagen (& lt; a href = 'mailto: art@broomstick.com'> art@broomstick.com< / a>) Link: & lt; a href = 'http: //archives.neohapsis.com /archives/bugtraq/2001-10/0239.html '> http://archives.neohapsis.com/archives/bugtraq/2001-10/0239.html</a> *>
Trust: 0.6
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2001-2840 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2001-2840 |
LAST UPDATE DATE
2022-05-04T09:49:33.636000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2001-2840 | date: | 2001-10-30T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2001-2840 | date: | 2001-10-25T00:00:00 |