| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability announce CVE-2007-6334
Ingres: incorrect authentication
Synthesis of the vulnerability
| Under Windows, the second user who logs into Ingres is connected as the first user. |
Severity: 2/4.
Creation date: 20/12/2007.
Revision date: 27/12/2007.
|
Description of the vulnerability
The Microsoft IIS web server supports IWA (Integrated Windows Authentication) authentication. Two vulnerabilities related to this authentication affect Ingres.
With Ingres r3 and Ingres 2006, when a user is connected, and if another user authenticates, an error occurs and his access is rejected. [severity:2/4; >]
With Ingres 2.6 and 2.5, when a user is connected, and if another user authenticates, he accesses to the account of the first user. [severity:2/4; >], |
Complete Vigil@nce bulletin
Characteristics
Title: Ingres: incorrect authentication.
Keywords: 2006 Authentication IIS IWA Ingres Integrated Microsoft Windows authentication incorrect.
Identifiers: 415703, BID-2695, CAID 35970, CVE-2007-6334, VIGILANCE-VUL-7437.
|
Information sources
Solutions for this vulnerability
Supplements
Vulnerability : Ingres r3, Ingres 2006
With Ingres r3 and Ingres 2006, when a user is connected, and if another user authenticates, an error occurs and his access is rejected.
Severity: 2/4.
|
|
Vulnerability : Ingres 2.6, 2.5
With Ingres 2.6 and 2.5, when a user is connected, and if another user authenticates, he accesses to the account of the first user.
Severity: 2/4.
|
|
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability database
|
