CVE-2002-2384 - hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry k

CVE-2002-2384

Summary

hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.

References

http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html
http://www.iss.net/security_center/static/10591.php
http://www.securityfocus.com/bid/6155

Vulnerable Configurations

cpe:2.3:a:hotfoon_corporation:hotfoon:4.0:*:*:*:*:*:*:*
cpe:2.3:a:hotfoon_corporation:hotfoon:4.0:*:*:*:*:*:*:*

CVSS

Base:	3.6 (as of 05-09-2008 - 20:33)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	6155
bugtraq	20021110 Multiple Vuln. in Hotfoon.com
xf	hotfoon-plaintext-passwords(10591)

Last major update

05-09-2008 - 20:33

Published

31-12-2002 - 05:00

Last modified

05-09-2008 - 20:33