CVE-2005-4860

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List
References () http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory () http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory
References () http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link () http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link

14 Feb 2024, 16:54

Type Values Removed Values Added
CVSS v2 : 6.9
v3 : unknown
v2 : 6.9
v3 : 7.8
CWE NVD-CWE-Other CWE-327
First Time Spectrumcu cash Receipting System
Spectrumcu
CPE cpe:2.3:a:spectrum:cash_receipting_system:*:*:*:*:*:*:*:* cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:*
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111229613907550&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List
References (MISC) http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - (MISC) http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link
References (SECUNIA) http://secunia.com/advisories/13985 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory

Information

Published : 2005-12-31 05:00

Updated : 2024-11-21 00:05


NVD link : CVE-2005-4860

Mitre link : CVE-2005-4860

CVE.ORG link : CVE-2005-4860


JSON object : View

Products Affected

spectrumcu

  • cash_receipting_system
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm