CyberSec.Space Logo
Back to CVE Browser

CVE-2005-0744

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile35.80th
PublishedMay 2, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.

Affected Platforms (CPE)

πŸ“¦
Novell

Ichain

= 2.2
πŸ“¦
Novell

Ichain

= 2.3

References & Advisories

πŸ”— http://secunia.com/advisories/14527
πŸ”— http://securitytracker.com/id?1013406
πŸ”— http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/19646
πŸ”— http://secunia.com/advisories/14527
πŸ”— http://securitytracker.com/id?1013406
πŸ”— http://support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/19646

Related Vulnerabilities

CVE-2003-06387.5

Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to caus...

CVE-2003-06367.5

Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which al...

CVE-2019-59237.5

Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read...

CVE-2004-23147.5

The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows r...