CVE-2005-1098 - GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the

CVE-2005-1098

Summary

GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information.

References

http://securitytracker.com/id?1013644
http://www.osvdb.org/15210
https://exchange.xforce.ibmcloud.com/vulnerabilities/19967

Vulnerable Configurations

cpe:2.3:a:runtime_software:getdataback_for_ntfs:2.31:*:*:*:*:*:*:*
cpe:2.3:a:runtime_software:getdataback_for_ntfs:2.31:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

osvdb	15210
sectrack	1013644
xf	getdataback-ntfs-information-disclosure(19967)

Last major update

11-07-2017 - 01:32

Published

02-05-2005 - 04:00

Last modified

11-07-2017 - 01:32