Vulnerability CVE-2005-4860

Vulnerability CVE-2005-4860

Published: 2005-12-31 Modified: 2012-02-12

Description:

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.9/10	10/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Spectrum -> Cash receipting system

References:

http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt

http://secunia.com/advisories/13985

http://marc.info/?l=bugtraq&m=111229613907550&w=2

Vulnerability CVE-2005-4860

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

6.9/10

10/10

3.4/10

Local

Medium

No required

Complete

Complete

Complete

Affected software

References: