CVE-2008-0174
CRITICALGE Proficy Real-Time Information Portal < 2.6 - Cleartext Storage of Sensitive Information via HTTP Basic Authentication
Title source: llmDescription
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
References (7)
Core 7
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487244/100/0/threaded
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/180876
Broken Link third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3590
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019273
Broken Link x_refsource_confirm
http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487075/100/0/threaded
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30754
Scores
CVSS v3
9.8
EPSS
0.0196
EPSS Percentile
77.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-312
Status
published
Products (1)
ge/proficy_real-time_information_portal
< 2.6
Published
Jan 29, 2008
Tracked Since
Feb 18, 2026