Vulnerability Name: CVE-2013-4114 (CCN-85583)

Assigned: 2013-07-11
Published: 2013-07-11
Updated: 2013-08-21
Summary: The automatic update request in Nagstamon before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-255
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2013-4114

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:1235

Source: CCN
Type: Nagstamon Web site
Nagstamon

Source: CCN
Type: Nagstamon Security Advisory
Update check security bug

Source: CONFIRM
Type: UNKNOWN
http://nagstamon.ifw-dresden.de/docs/security/

Source: CCN
Type: SA54072
Nagstamon Login Credentials Disclosure Security Issue

Source: SECUNIA
Type: Vendor Advisory
54072

Source: SECUNIA
Type: Vendor Advisory
54276

Source: MLIST
Type: UNKNOWN
[oss-security] 20130711 Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information

Source: CCN
Type: BID-61120
Nagstamon CVE-2013-4114 Information Disclosure Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=476538

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=983673

Source: XF
Type: UNKNOWN
nagstamon-cve20134114-info-disc(85583)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-4114

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:henri_wahl:nagstamon:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.5.13:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:henri_wahl:nagstamon:*:*:*:*:*:*:*:* (Version <= 0.9.9)

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20134114 | V | CVE-2013-4114 | 2022-06-30
oval:org.opensuse.security:def:113011 | P | nagstamon-2.0.1-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106457 | P | Security update for python-Pygments (Important) | 2021-12-01
oval:com.ubuntu.precise:def:20134114000 | V | CVE-2013-4114 on Ubuntu 12.04 LTS (precise) - medium. | 2013-08-16
oval:com.ubuntu.xenial:def:201341140000000 | V | CVE-2013-4114 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-08-16
oval:com.ubuntu.trusty:def:20134114000 | V | CVE-2013-4114 on Ubuntu 14.04 LTS (trusty) - medium. | 2013-08-16
oval:com.ubuntu.xenial:def:20134114000 | V | CVE-2013-4114 on Ubuntu 16.04 LTS (xenial) - medium. | 2013-08-16