Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1198

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2006-1198
Last Modified 07 Mar 2011 09:32:21
Published 13 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-1198

Summary

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.

Vulnerable Systems

Application

  • Comvigo Im Lock Home 2006

  • Comvigo Im Lock Professional 2006


References

VUPEN - ADV-2006-0866

BUGTRAQ - 20060306 IM Lock 2006 - Insecure Registry Permission Vulnerability

SECUNIA - 19140

XF - imlock-password-weak-encryption(25219)

BID - 16988


Last Updated: 27 May 2016 10:41:58