ID CVE-2006-3785
Summary Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20060718 PcAnywhere > 12 Local Privilege Escalation
misc http://www.digitalbullets.org/?p=3
sreason 1261
Last major update 17-10-2018 - 21:30
Published 24-07-2006 - 12:19
Last modified 17-10-2018 - 21:30
Back to Top