CVE-2007-5460

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.
References
Link Resource
http://osvdb.org/38499 Broken Link
http://securityreason.com/securityalert/3232 Broken Link
http://www.securityfocus.com/archive/1/482299/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/25976 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:activesync:4.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_mobile:5.0:*:*:*:*:*:*:*

History

09 Feb 2024, 03:07

Type Values Removed Values Added
CWE CWE-310 CWE-327
CVSS v2 : 7.1
v3 : unknown
v2 : 7.1
v3 : 4.6
References (BUGTRAQ) http://www.securityfocus.com/archive/1/482299/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/482299/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/37223 - Third Party Advisory, VDB Entry
References (SREASON) http://securityreason.com/securityalert/3232 - (SREASON) http://securityreason.com/securityalert/3232 - Broken Link
References (OSVDB) http://osvdb.org/38499 - (OSVDB) http://osvdb.org/38499 - Broken Link
References (BID) http://www.securityfocus.com/bid/25976 - Patch (BID) http://www.securityfocus.com/bid/25976 - Broken Link, Patch, Third Party Advisory, VDB Entry

Information

Published : 2007-10-15 22:17

Updated : 2024-02-28 11:01


NVD link : CVE-2007-5460

Mitre link : CVE-2007-5460

CVE.ORG link : CVE-2007-5460


JSON object : View

Products Affected

microsoft

  • windows_mobile
  • activesync
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm