CVE-2005-4860

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-4860

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

S

pectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

References
Link Resource
http://marc.info/?l=bugtraq&m=111229613907550&w=2 Mailing List
http://secunia.com/advisories/13985 Broken Link Vendor Advisory
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt Broken Link
http://marc.info/?l=bugtraq&m=111229613907550&w=2 Mailing List
http://secunia.com/advisories/13985 Broken Link Vendor Advisory
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=111229613907550&w=2 - Mailing List
References () http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory () http://secunia.com/advisories/13985 - Broken Link, Vendor Advisory
References () http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link () http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt - Broken Link
Information

Published : 2005-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-4860

Mitre link : CVE-2005-4860

CVE.ORG link : CVE-2005-4860

JSON object : View

Products Affected

spectrumcu

CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm