ID |
CVE-2002-2162
|
Summary |
Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user accounts. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*
cpe:2.3:a:cerulean_studios:trillian:0.73:*:*:*:*:*:*:*
-
cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*
cpe:2.3:a:cerulean_studios:trillian:0.725:*:*:*:*:*:*:*
-
cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*
cpe:2.3:a:cerulean_studios:trillian:0.6351:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.6 (as of 05-09-2008 - 20:32) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 5677 | bugtraq | 20020909 Trillian weakly encrypts saved passwords | xf | trillian-insecure-password-storage(10092) |
|
Last major update |
05-09-2008 - 20:32 |
Published |
31-12-2002 - 05:00 |
Last modified |
05-09-2008 - 20:32 |