CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0487
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
workforceroi / xpede	4.1	4.1.x
workforceroi / xpede	7.0	7.0.x

http://www.iss.net/security_center/static/8612.php
http://www.securityfocus.com/archive/1/263485
http://www.securityfocus.com/bid/4346

Vulnerability Database

CVE-2002-0487