CVE-2003-0406 - PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs t

CVE-2003-0406

Summary

PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.

References

http://marc.info/?l=bugtraq&m=105405691423389&w=2
http://www.iss.net/security_center/static/12083.php
http://www.securityfocus.com/bid/7696

Vulnerable Configurations

cpe:2.3:a:palmvnc:palmvnc:1.40:*:*:*:*:*:*:*
cpe:2.3:a:palmvnc:palmvnc:1.40:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 18-10-2016 - 02:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	7696
bugtraq	20030526 PalmVNC 1.40 Insecure Records
xf	palmvnc-plaintext-passwords(12083)

Last major update

18-10-2016 - 02:33

Published

30-06-2003 - 04:00

Last modified

18-10-2016 - 02:33