Credential Disclosure in Microsoft Project Server 2003
CVE-2006-6617

Currently unrated

Key Information:

Vendor

Microsoft
Status
Project Server
Vendor
CVE Published:
18 December 2006

What is CVE-2006-6617?

The Project Server component in Microsoft Project Server 2003 is susceptible to a vulnerability that allows remote authenticated users to extract sensitive credentials, specifically the MSProjectUser password for a SQL database. This occurs through a GetInitializationData request, which inadvertently exposes password information contained in the UserName and Password tags within the response. Mitigating this vulnerability is crucial to prevent unauthorized access and potential data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/2047
third-party-advisoryx_refsource_SREASON
http://lists.grok.org.uk/pipermail/full-disclosure/2006-D...
mailing-listx_refsource_FULLDISC
http://securitytracker.com/id?1017388
vdb-entryx_refsource_SECTRACK

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.