VYPR

Contivity VPN Client

by Nortel

CVEs (4)

  • CVE-2005-2579Aug 16, 2005
    risk 0.00cvss epss 0.00

    Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

  • CVE-2005-0844May 2, 2005
    risk 0.00cvss epss 0.00

    Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

  • CVE-2004-1105Jan 10, 2005
    risk 0.00cvss epss 0.02

    Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.

  • CVE-2004-2621Dec 31, 2004
    risk 0.00cvss epss 0.01

    Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle…