Description
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
Exploits (1)
References (10)
Core 10
Core References
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/354288
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9669
Exploit, Third Party Advisory x_refsource_confirm
http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/alerts/2004/Feb/1009085.html
Broken Link, Vendor Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15231
Broken Link, Patch, Vendor Advisory x_refsource_misc
http://www.s-quadra.com/advisories/Adv-20040216.txt
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3979
Broken Link, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10898
Scores
CVSS v3
7.5
EPSS
0.0557
EPSS Percentile
90.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
Status
published
Products (1)
netsourcecommerce/productcart
< 2.53
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026