ID

VAR-200612-0030


CVE

CVE-2006-6674


TITLE

Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 21679 // CNNVD: CNNVD-200612-455

DESCRIPTION

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.

A local attacker can exploit this issue to access sensitive information. This may lead to other attacks. This issue affects version 1.0; other versions may also be affected.

The problem is that usernames and passwords are stored in cleartext in the registry under "HKEY_LOCAL_MACHINE\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate", which is readable by all user accounts on the system.

SOLUTION: Set the proper permissions on the "Ozeki" registry key.

PROVIDED AND/OR DISCOVERED BY: basher13

Trust: 2.07

sources: NVD: CVE-2006-6674 // JVNDB: JVNDB-2006-002618 // BID: 21679 // VULHUB: VHN-22782 // PACKETSTORM: 53135

AFFECTED PRODUCTS

vendor: ozeki, model: http-sms gateway, scope: lte, version: 1.0

Trust: 1.8

vendor: ozeki, model: http-sms gateway, scope: eq, version: 1.0

Trust: 0.6

vendor: ozeki, model: ng sms gateway software, scope: eq, version: 1.0

Trust: 0.3

sources: BID: 21679 // JVNDB: JVNDB-2006-002618 // CNNVD: CNNVD-200612-455 // NVD: CVE-2006-6674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6674
value: LOW

Trust: 1.0

NVD: CVE-2006-6674
value: LOW

Trust: 0.8

CNNVD: CNNVD-200612-455
value: LOW

Trust: 0.6

VULHUB: VHN-22782
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-6674
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22782
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22782 // JVNDB: JVNDB-2006-002618 // CNNVD: CNNVD-200612-455 // NVD: CVE-2006-6674

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-22782 // JVNDB: JVNDB-2006-002618 // NVD: CVE-2006-6674

THREAT TYPE

local

Trust: 1.0

sources: BID: 21679 // PACKETSTORM: 53135 // CNNVD: CNNVD-200612-455

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200612-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002618

PATCH

title: Top Page, url: http://www.ozekisms.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002618

EXTERNAL IDS

db: NVD, id: CVE-2006-6674

Trust: 2.5

db: BID, id: 21679

Trust: 2.0

db: SECUNIA, id: 23339

Trust: 1.8

db: VUPEN, id: ADV-2006-5093

Trust: 1.7

db: JVNDB, id: JVNDB-2006-002618

Trust: 0.8

db: CNNVD, id: CNNVD-200612-455

Trust: 0.7

db: VULHUB, id: VHN-22782

Trust: 0.1

db: PACKETSTORM, id: 53135

Trust: 0.1

sources: VULHUB: VHN-22782 // BID: 21679 // JVNDB: JVNDB-2006-002618 // PACKETSTORM: 53135 // CNNVD: CNNVD-200612-455 // NVD: CVE-2006-6674

REFERENCES

url:http://www.securityfocus.com/bid/21679

Trust: 1.7

url:http://secunia.com/advisories/23339

Trust: 1.7

url:http://bb.domaindlx.com/bingung/shellcore/advisories.asp?bug_report=display&infamous_group=106

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/5093

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6674

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6674

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2006/5093

Trust: 0.6

url:http://www.ozekisms.com/index.php?owpn=1

Trust: 0.3

url:http://bb.domaindlx.com/bingung/shellcore/advisories.asp?bug_report=display&infamous_group=106

Trust: 0.1

url:http://secunia.com/product/12930/

Trust: 0.1

url:http://secunia.com/advisories/23339/

Trust: 0.1

sources: VULHUB: VHN-22782 // BID: 21679 // JVNDB: JVNDB-2006-002618 // PACKETSTORM: 53135 // CNNVD: CNNVD-200612-455 // NVD: CVE-2006-6674

CREDITS

Basher13 is credited with the discovery of this vulnerability

Trust: 0.9

sources: BID: 21679 // CNNVD: CNNVD-200612-455

SOURCES

db: VULHUB, id: VHN-22782
db: BID, id: 21679
db: JVNDB, id: JVNDB-2006-002618
db: PACKETSTORM, id: 53135
db: CNNVD, id: CNNVD-200612-455
db: NVD, id: CVE-2006-6674

LAST UPDATE DATE

2025-04-10T23:16:02.231000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-22782, date: 2011-08-25T00:00:00
db: BID, id: 21679, date: 2006-12-20T21:32:00
db: JVNDB, id: JVNDB-2006-002618, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200612-455, date: 2006-12-29T00:00:00
db: NVD, id: CVE-2006-6674, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-22782, date: 2006-12-21T00:00:00
db: BID, id: 21679, date: 2006-12-20T00:00:00
db: JVNDB, id: JVNDB-2006-002618, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 53135, date: 2006-12-20T22:30:34
db: CNNVD, id: CNNVD-200612-455, date: 2006-12-20T00:00:00
db: NVD, id: CVE-2006-6674, date: 2006-12-21T01:28:00