CVE-2008-0174
Severity CVSS v4.0:
Pending analysis
Type:
CWE-312
Cleartext Storage of Sensitive Information
Publication date:
29/01/2008
Last modified:
09/04/2025
Description
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ge:proficy_real-time_information_portal:*:*:*:*:*:*:*:* | 2.6 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/3590
- http://securitytracker.com/id?1019273=
- http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
- http://www.kb.cert.org/vuls/id/180876
- http://www.securityfocus.com/archive/1/487075/100/0/threaded
- http://www.securityfocus.com/archive/1/487244/100/0/threaded
- http://www.securityfocus.com/bid/30754
- http://securityreason.com/securityalert/3590
- http://securitytracker.com/id?1019273=
- http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
- http://www.kb.cert.org/vuls/id/180876
- http://www.securityfocus.com/archive/1/487075/100/0/threaded
- http://www.securityfocus.com/archive/1/487244/100/0/threaded
- http://www.securityfocus.com/bid/30754