Local User Credential Exposure in TIBCO RendezVous by TIBCO Software Inc.
CVE-2006-4676

Currently unrated

Key Information:

Vendor

Tibco
Status
Rendezvous
Vendor
CVE Published:
11 September 2006

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2006-4676?

TIBCO RendezVous versions up to 7.4.11 exhibit a vulnerability where usernames and passwords are logged in a base64-encoded format within the rvrd.db file. This improper logging allows local users to access sensitive credentials by decoding the log data, leading to potential unauthorized access or data breaches. Organizations using affected versions should consider reviewing their logging practices and implementing measures to restrict access to sensitive log files.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-4676 - Proof of Concept

References

http://secunia.com/advisories/21748
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19883
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2006/3497
vdb-entryx_refsource_VUPEN

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.