CVE-2007-4150

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
References
Link Resource
http://osvdb.org/46979 Broken Link
http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt Broken Link Vendor Advisory
http://www.securityfocus.com/bid/25153 Broken Link Third Party Advisory VDB Entry
http://osvdb.org/46979 Broken Link
http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt Broken Link Vendor Advisory
http://www.securityfocus.com/bid/25153 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:visionsoft:audit:12.4.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Type Values Removed Values Added
References () http://osvdb.org/46979 - Broken Link () http://osvdb.org/46979 - Broken Link
References () http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt - Broken Link, Vendor Advisory () http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt - Broken Link, Vendor Advisory
References () http://www.securityfocus.com/bid/25153 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/25153 - Broken Link, Third Party Advisory, VDB Entry

09 Feb 2024, 03:19

Type Values Removed Values Added
References (MISC) http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt - Vendor Advisory (MISC) http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt - Broken Link, Vendor Advisory
References (OSVDB) http://osvdb.org/46979 - (OSVDB) http://osvdb.org/46979 - Broken Link
References (BID) http://www.securityfocus.com/bid/25153 - (BID) http://www.securityfocus.com/bid/25153 - Broken Link, Third Party Advisory, VDB Entry
CVSS v2 : 10.0
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE NVD-CWE-Other CWE-327

Information

Published : 2007-08-03 20:17

Updated : 2024-11-21 00:34


NVD link : CVE-2007-4150

Mitre link : CVE-2007-4150

CVE.ORG link : CVE-2007-4150


JSON object : View

Products Affected

visionsoft

  • audit
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm