Executive Summary

Informations
Name CVE-2011-0436 First vendor Publication 2011-03-07
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The register_user function in client/new_account_form.php in Domain Technologie Control (DTC) before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0436

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 34

OpenVAS Exploits

Date Description
2011-09-21 Name : FreeBSD Ports: dtc
File : nvt/freebsd_dtc.nasl
2011-03-09 Name : Debian Security Advisory DSA 2179-1 (dtc)
File : nvt/deb_2179_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
72806 Domain Technologie Control client/new_account_form.php Cleartext Email Passwo...

DTC contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered by the email transmission of cleartext passwords, which will disclose passwords to a remote attacker.

Nessus® Vulnerability Scanner

Date Description
2011-08-15 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_879b0242c5b611e0abd10017f22d6707.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2179.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614302
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=adffff7efb3687ff465ee...
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commit%3Bh=f8e3b2d7cc2da313addc0...
http://openwall.com/lists/oss-security/2011/02/22/1
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/ch...
http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog
http://secunia.com/advisories/43523
http://www.debian.org/security/2011/dsa-2179
http://www.gplhost.sg/lists/dtcannounce/msg00025.html
http://www.vupen.com/english/advisories/2011/0556
https://exchange.xforce.ibmcloud.com/vulnerabilities/65898
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2024-11-28 23:05:47
  • Multiple Updates
2024-11-28 12:24:37
  • Multiple Updates
2023-11-07 21:47:29
  • Multiple Updates
2021-05-04 12:13:54
  • Multiple Updates
2021-04-22 01:15:04
  • Multiple Updates
2020-05-23 01:43:45
  • Multiple Updates
2020-05-23 00:27:39
  • Multiple Updates
2017-08-17 09:23:15
  • Multiple Updates
2016-04-26 20:30:08
  • Multiple Updates
2014-02-17 11:00:00
  • Multiple Updates
2013-05-10 22:53:27
  • Multiple Updates