Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12731
HistoryMay 19, 2006 - 12:00 a.m.

[SA20145] Sybase EAServer JPasswordField Password Disclosure

2006-05-1900:00:00
vulners.com
12
JSON

TITLE:
Sybase EAServer JPasswordField Password Disclosure

SECUNIA ADVISORY ID:
SA20145

VERIFY ADVISORY:
http://secunia.com/advisories/20145/

CRITICAL:
Not critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Sybase EAServer 5.x
http://secunia.com/product/5398/

DESCRIPTION:
A security issue has been reported in Sybase EAServer, which can be
exploited by malicious, local users to disclose potentially sensitive
information.

The security issue is caused due to clear text passwords being
returned by the "getSelectedText()" method of the
"javax.swing.JPasswordField" UI component. This can potentially be
exploited to disclose the password that has been input into the
password field.

Successful exploitation requires that e.g. a user keys in his
password into a password prompt dialog box in a GUI application and
leaves dialog box open, or the attacker has access to the file that
stores private data from the JPasswordField UI component.

The security issue has been reported in the following versions:

  • EAServer version 5.0 (HP-UX Itanium)
  • EAServer version 5.2 (IBM AIX/HP-UX PA-RISC/Linux x86/Sun Solaris
    SPARC)

Note: The security issue affects users who develop and deploy their
own J2EE Application Clients and Java GUI applications with EAServer
using the javax.swing.JPasswordField UI component. GUI applications
built by other vendors may also be affected.

SOLUTION:
Update to the fixed version or install EBF.
http://downloads.sybase.com/

EAServer Version 5.0 (HP-UX Itanium):
Install EBF# 13542

EAServer Version 5.2 (IBM AIX):
Install EBF# 13540

EAServer Version 5.2 (HP-UX PA-RISC):
Install EBF# 13539

EAServer Version 5.2 (Linux x86):
Install EBF# 13541

EAServer Version 5.2 (Sun Solaris SPARC):
Update to EAServer 5.3 and follow instructions in the latest version
of the online release bulletin.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www.sybase.com/detail?id=1040665

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

JSON