Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4150

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-4150
Last Modified 15 Nov 2008 01:55:47
Published 03 Aug 2007 04:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4150

Summary

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.

Vulnerable Systems

Application

  • Visionsoft Audit 12.4.0.0


References

BID - 25153

MISC - http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt

OSVDB - 46979


Last Updated: 27 May 2016 10:45:46