Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=111229613907550&w=2 | Mailing List |
http://secunia.com/advisories/13985 | Broken Link Vendor Advisory |
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt | Broken Link |
Configurations
History
14 Feb 2024, 16:54
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List | |
References | (MISC) http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 7.8 |
CWE | CWE-327 | |
First Time |
Spectrumcu cash Receipting System
Spectrumcu |
|
CPE | cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:* |
Information
Published : 2005-12-31 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-4860
Mitre link : CVE-2005-4860
CVE.ORG link : CVE-2005-4860
JSON object : View
Products Affected
spectrumcu
- cash_receipting_system
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm