CVE-2007-2619 - Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent logi

CVE-2007-2619

Summary

Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.

References

Vulnerable Configurations

cpe:2.3:a:symantec:pcanywhere:11.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pcanywhere:11.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pcanywhere:11.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pcanywhere:11.5.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pcanywhere:12.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pcanywhere:12.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:S/C:C/I:N/A:N

refmap via4

bid	23875
confirm	http://securityresponse.symantec.com/avcenter/security/Content/2007.05.09b.html
osvdb	41982
sectrack	1018032
vupen	ADV-2007-1753
xf	pcanywhere-memory-information-disclosure(34203)

Last major update

29-07-2017 - 01:31

Published

11-05-2007 - 16:19

Last modified

29-07-2017 - 01:31