Lucene search

[email protected]CVE-2006-1198

HistoryMar 14, 2006 - 1:06 a.m.

CVE-2006-1198

2006-03-1401:06:00

[email protected]

web.nvd.nist.gov

comvigo

im lock 2006

encryption

password

registry

bypass

security

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product’s blocking functionality by decrypting the password.

Affected configurations

NVD

Node

comvigoim_lockMatchhome_2006

comvigoim_lockMatchprofessional_2006

CPENameOperatorVersion
comvigo:im_lockcomvigo im lockeqhome_2006
comvigo:im_lockcomvigo im lockeqprofessional_2006

CPE	Name	Operator	Version
comvigo:im_lock	comvigo im lock	eq	home_2006
comvigo:im_lock	comvigo im lock	eq	professional_2006

References

secunia.com/advisories/19140

www.securityfocus.com/archive/1/426935/100/0/threaded

www.securityfocus.com/bid/16988

www.vupen.com/english/advisories/2006/0866

exchange.xforce.ibmcloud.com/vulnerabilities/25219

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-1198

nvd1 cvelist1 prion1