Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
References
Link | Resource |
---|---|
http://osvdb.org/38499 | Broken Link |
http://securityreason.com/securityalert/3232 | Broken Link |
http://www.securityfocus.com/archive/1/482299/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/25976 | Broken Link Patch Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Feb 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-327 | |
CVSS |
v2 : v3 : |
v2 : 7.1
v3 : 4.6 |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/482299/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 - Third Party Advisory, VDB Entry | |
References | (SREASON) http://securityreason.com/securityalert/3232 - Broken Link | |
References | (OSVDB) http://osvdb.org/38499 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/25976 - Broken Link, Patch, Third Party Advisory, VDB Entry |
Information
Published : 2007-10-15 22:17
Updated : 2024-02-28 11:01
NVD link : CVE-2007-5460
Mitre link : CVE-2007-5460
CVE.ORG link : CVE-2007-5460
JSON object : View
Products Affected
microsoft
- windows_mobile
- activesync
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm