CVE-2006-6617

Currently unrated

Key Information:

Vendor: Microsoft
Status: Project Server
Vendor: CVE Published:; 18 December 2006

Summary

projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.

References

http://securityreason.com/securityalert/2047

third-party-advisoryx_refsource_SREASON

http://lists.grok.org.uk/pipermail/full-disclosure/2006-D...

mailing-listx_refsource_FULLDISC

http://securitytracker.com/id?1017388

vdb-entryx_refsource_SECTRACK

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 18, 2006
Vulnerability Reserved
Dec 17, 2006

Collectors

NVD DatabaseMitre Database