Lucene search
MitreCVE-2006-3785HistoryJul 24, 2006 - 12:19 p.m.
CVE-2006-3785
2006-07-2412:19:00
mitre
web.nvd.nist.gov
21
symantec
pcanywhere
12.5
gui
password
obfuscation
vulnerability
nvd
cve-2006-3785
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.5%
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
Affected configurations
Node
symantecpcanywhereMatch12.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| symantec | pcanywhere | 12.5 | cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2006-3785
2006-07-24 12:19:00
CVE-2007-2619
2007-05-11 16:19:00
cvelist
cvelist
CVE-2006-3785
2006-07-21 21:00:00
CVE-2007-2619
2007-05-11 16:00:00
prion
prion
Memory corruption
2007-05-11 16:19:00
cve
cve
CVE-2007-2619
2007-05-11 16:19:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0
Percentile
9.5%
Related for CVE-2006-3785