CVE-2006-3785
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
Symantec pcAnywhere 12.5 ofusca la contraseña en un cuadro de texto del GUI con asteriscos, pero no la encripta en el fichero .cif asociado (también conocido como caller o CallerID), lo que permite a usuarios locales obtener la contraseña de la ventana utilizando herramientas como el Nirsoft Asterwin.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-07-21 CVE Reserved
- 2006-07-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/1261 | Third Party Advisory | |
| http://www.digitalbullets.org/?p=3 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/440448/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Pcanywhere Search vendor "Symantec" for product "Pcanywhere" | 12.5 Search vendor "Symantec" for product "Pcanywhere" and version "12.5" | - |
Affected
| ||||||