CVE-2005-4860

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

Ссылки

http://marc.info/?l=bugtraq&m=111229613907550&w=2
Mailing List
http://secunia.com/advisories/13985
Broken Link
Vendor Advisory
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt
Broken Link
http://marc.info/?l=bugtraq&m=111229613907550&w=2
Mailing List
http://secunia.com/advisories/13985
Broken Link
Vendor Advisory
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:*

Версия до 6.504 (исключая)

EPSS

Процентиль: 20%

0.00064

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-7j3h-rx7g-x4p6