Vulnerability Name: | CVE-2005-2770 (CCN-22123) | ||||||||
Assigned: | 2005-09-01 | ||||||||
Published: | 2005-09-01 | ||||||||
Updated: | 2008-09-05 | ||||||||
Summary: | WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2770 Source: CCN Type: SA16649 WRQ Reflection for Secure IT Windows Server Multiple Security Issues Source: SECUNIA Type: Patch 16649 Source: CCN Type: SECTRACK ID: 1014835 Reflection for Secure IT Multiple Bugs May Let Local Users Obtain Host Keys or Let Remote Users Access Certain Accounts or Systems Source: SECTRACK Type: UNKNOWN 1014835 Source: CCN Type: WRQ Support Technical Note 1867 Reflection for Secure IT Windows Server Security Vulnerability Update and Workaround Source: CONFIRM Type: UNKNOWN http://support.wrq.com/techdocs/1910.html Source: CCN Type: US-CERT VU#902110 Reflection for Secure IT Windows Server can allow login to renamed built-in accounts Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#902110 Source: XF Type: UNKNOWN reflection-secure-it-gain-access(22123) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Vulnerability Name: | CVE-2005-2770 (CCN-22125) | ||||||||
Assigned: | 2005-09-01 | ||||||||
Published: | 2005-09-01 | ||||||||
Updated: | 2008-09-05 | ||||||||
Summary: | WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | ||||||||
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2770 Source: CCN Type: SA16649 WRQ Reflection for Secure IT Windows Server Multiple Security Issues Source: CCN Type: SECTRACK ID: 1014835 Reflection for Secure IT Multiple Bugs May Let Local Users Obtain Host Keys or Let Remote Users Access Certain Accounts or Systems Source: CCN Type: WRQ Support Technical Note 1867 Reflection for Secure IT Windows Server Security Vulnerability Update and Workaround Source: CCN Type: Attachmate WRQ Support Technical Note 1910 Security Updates and Reflection for Secure IT * Source: CCN Type: US-CERT VU#902110 Reflection for Secure IT Windows Server can allow login to renamed built-in accounts Source: XF Type: UNKNOWN reflection-secure-it-renamed-account-access(22125) | ||||||||
BACK |