CVE-2013-4114

Severity

50%

Complexity

99%

Confidentiality

48%

The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.

The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Henri Wahl Nagstamon

First reported 11 years ago

2013-08-16 17:55:00

Last updated 11 years ago

2013-08-21 18:37:00

Affected Software

Henri Wahl Nagstamon 0.5.2

0.5.2

Henri Wahl Nagstamon 0.5.3

0.5.3

Henri Wahl Nagstamon 0.5.4

0.5.4

Henri Wahl Nagstamon 0.5.5

0.5.5

Henri Wahl Nagstamon 0.5.6

0.5.6

Henri Wahl Nagstamon 0.5.7

0.5.7

Henri Wahl Nagstamon 0.5.8

0.5.8

Henri Wahl Nagstamon 0.5.9

0.5.9

Henri Wahl Nagstamon 0.5.10

0.5.10

Henri Wahl Nagstamon 0.5.11

0.5.11

Henri Wahl Nagstamon 0.5.13

0.5.13

Henri Wahl Nagstamon 0.6

0.6

Henri Wahl Nagstamon 0.6.1

0.6.1

Henri Wahl Nagstamon 0.6.2

0.6.2

Henri Wahl Nagstamon 0.7.0

0.7.0

Henri Wahl Nagstamon 0.8.0

0.8.0

Henri Wahl Nagstamon 0.8.1

0.8.1

Henri Wahl Nagstamon 0.8.2

0.8.2

Henri Wahl Nagstamon 0.9.0

0.9.0

Henri Wahl Nagstamon 0.9.1

0.9.1

Henri Wahl Nagstamon 0.9.2

0.9.2

Henri Wahl Nagstamon 0.9.3

0.9.3

Henri Wahl Nagstamon 0.9.4

0.9.4

Henri Wahl Nagstamon 0.9.5

0.9.5

Henri Wahl Nagstamon 0.9.6

0.9.6

Henri Wahl Nagstamon 0.9.6.1

0.9.6.1

Henri Wahl Nagstamon 0.9.7

0.9.7

Henri Wahl Nagstamon 0.9.7.1

0.9.7.1

Henri Wahl Nagstamon 0.9.8

0.9.8

References

openSUSE-SU-2013:1235

http://nagstamon.ifw-dresden.de/docs/security/

54072

Vendor Advisory

54276

Vendor Advisory

[oss-security] 20130711 Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information

https://bugs.gentoo.org/show_bug.cgi?id=476538

https://bugzilla.redhat.com/show_bug.cgi?id=983673

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.