CVE-2005-2395

MEDIUM

Description

Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.

References

http://securityreason.com/securityalert/8

http://www.osvdb.org/19002

http://www.securiteam.com/securitynews/5PP0L00GUQ.html

http://www.securityfocus.com/archive/1/405666

http://www.securityfocus.com/bid/14325

https://bugzilla.mozilla.org/show_bug.cgi?id=281851

https://exchange.xforce.ibmcloud.com/vulnerabilities/22272

Details

Source: MITRE

Published: 2005-07-27

Updated: 2017-07-11

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (5 total)

ID	Name	Product	Family	Severity
3099	Mozilla Firefox < 1.0.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
18689	Firefox < 1.0.6 Multiple Vulnerabilities	Nessus	Windows	high
3066	Mozilla Firefox < 1.0.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801217	Mozilla Firefox < 1.0.5 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800777	Firefox < 1.0.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high