OpenText Exceed On Demand: multiple Man-in-the-Middle

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in OpenText Exceed On Demand.
Impacted products: Exceed.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 17/12/2013.
Identifiers: BID-64403, BID-64404, BID-64405, BID-64407, CVE-2013-6805, CVE-2013-6806, CVE-2013-6807, CVE-2013-6994, VIGILANCE-VUL-13957.

Description of the vulnerability

Several vulnerabilities were announced in OpenText Exceed On Demand.

An attacker in a Man-in-the-Middle position can alter a packet so that the SSL session is never started and the protocol continues in clear text. [severity:2/4; BID-64404, CVE-2013-6806]

An attacker in a Man-in-the-Middle position can force the use of the NULL SSL algorithm, so the data exchanged over SSL is in clear text. [severity:2/4; BID-64407, CVE-2013-6807]

The password is not hashed, but XORed with the reversed password. [severity:2/4; BID-64403, CVE-2013-6805]

The session identifier is sent in clear text, before the SSL encryption has been established. [severity:2/4; BID-64405, CVE-2013-6994]
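
Why the XOR-with-reversed-password scheme (CVE-2013-6805) is not a substitute for hashing, shown beside a salted key derivation. This is an added example, not code from the bulletin or from OpenText: it assumes the bulletin's wording means a byte-wise XOR of the password with its own reversal, and every function name and sample value is constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple


def xor_with_reverse(password: bytes) -> bytes:
    # Assumed reading of the bulletin: byte i is XORed with byte n-1-i.
    return bytes(a ^ b for a, b in zip(password, reversed(password)))


def structural_leaks(password: bytes) -> dict:
    # Properties visible in the output without knowing the password.
    out = xor_with_reverse(password)
    n = len(out)
    return {
        "length_exposed": n == len(password),
        "palindromic": out == out[::-1],  # second half repeats the first
        "middle_byte_zero": n % 2 == 1 and out[n // 2] == 0,
    }


def collides(a: bytes, b: bytes) -> bool:
    # True when two different passwords yield the same obfuscated value.
    return a != b and xor_with_reverse(a) == xor_with_reverse(b)


def derive(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # Hardened form: per-user random salt plus a slow KDF from the stdlib.
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)


def verify(password: bytes, salt: bytes, expected: bytes) -> bool:
    # Constant-time comparison of the recomputed key.
    return hmac.compare_digest(derive(password, salt)[1], expected)


if __name__ == "__main__":
    sample = b"Constructed-Sample1"  # constructed value, not from the bulletin
    print(structural_leaks(sample))
    print(collides(b"level", b"radar"), collides(b"ab", b"ba"))
    salt, key = derive(sample)
    print(verify(sample, salt, key), verify(sample[::-1], salt, key))
```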