| Vulnerability Name: | CVE-2004-0779 (CCN-17018) |
| Assigned: | 2004-07-27 |
| Published: | 2004-07-27 |
| Updated: | 2017-07-11 |
| Summary: | The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Obtain Information |
| References: | Source: CCN Type: Mozilla Bugzilla Bug 226278 Password cache for http auth should remember if the site was secure |
| | Source: CONFIRM Type: UNKNOWN http://bugzilla.mozilla.org/show_bug.cgi?id=226278 |
| | Source: MITRE Type: CNA CVE-2004-0779 |
| | Source: MANDRAKE Type: UNKNOWN MDKSA-2004:082 |
| | Source: CCN Type: Mozilla Web site The Latest From Mozilla |
| | Source: CONFIRM Type: UNKNOWN http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 |
| | Source: CCN Type: OSVDB ID: 14209 Mozilla Multiple Browser Protocol Mismatch Cached Auth Credential Disclosure |
| | Source: XF Type: UNKNOWN mozilla-plaintext-password(17018) |