CVE-2009-1466

MEDIUM

Klinzmann Application Access Server - Cleartext Storage

Title source: rule

Description

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

References (5)

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1022204

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/503434/100/0/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34911

[Broken Link] http://www.syhunt.com/advisories/?id=aas-multiple

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/50590

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-312

Status draft

Affected Products (1)

klinzmann/application_access_server

Timeline

Published May 14, 2009

Tracked Since Feb 18, 2026