Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1852

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1852
Last Modified 05 Sep 2008 04:42:31
Published 23 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1852

Summary

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.

Vulnerable Systems

Application

  • Dameware Development Mini Remote Control Server 3.70 .0.0

  • Dameware Development Mini Remote Control Server 3.71 .0.0

  • Dameware Development Mini Remote Control Server 3.72 .0.0

  • Dameware Development Mini Remote Control Server 3.73 .0.0

  • Dameware Development Mini Remote Control Server 4.0

  • Dameware Development Mini Remote Control Server 4.1 .0.0


References

XF - dameware-encryption-key-plaintext(15586)

BID - 9959

CONFIRM - http://www.dameware.com/support/security/bulletin.asp?ID=SB3

SECUNIA - 11205

OSVDB - 4547

SECTRACK - 1009557

BUGTRAQ - 20040323 Dameware Passes Weak File Encryption Key in the Clear


Last Updated: 27 May 2016 10:39:12