CVE-2000-0559 - eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store admin

CVE-2000-0559

Summary

eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.

References

http://www.securityfocus.com/bid/1341
http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net

Vulnerable Configurations

cpe:2.3:a:broadcom:etrust_intrusion_detection:-:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:-:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 09-04-2021 - 14:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	1341
bugtraq	20000607 SessionWall-3 Paper + (links to) code

Last major update

09-04-2021 - 14:31

Published

07-06-2000 - 04:00

Last modified

09-04-2021 - 14:31