Description
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
Product(s):
- HP Version Control Repository Manager 1.0.1288.1
- HP Version Control Repository Manager 1.0.2241.0
- HP Version Control Repository Manager 1.0.2289.0
- HP Version Control Repository Manager 1.0.2345.0
- HP Version Control Repository Manager 1.0.3085.0
- HP Version Control Repository Manager 1.0.3086.0
- HP Version Control Repository Manager 2.0.0.50
- HP Version Control Repository Manager 2.0.1.30
- HP Version Control Repository Manager 2.1.1.7.10
- HP Version Control Repository Manager 2.1.1.720
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2076, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2076 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.