Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE Id: CVE-2007-5460
Last Modified: 15 Nov 2008 12:00:00
Published: 15 Oct 2007 06:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5460

Summary

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Vulnerable Systems

Application

  • Microsoft ActiveSync 4.1


References

BID - 25976

XF - microsoft-activesync-weak-encryption(37223)

BUGTRAQ - 20071015 SYMSA-2007-010: Microsoft ActiveSync 4.x Weak Password Obfuscation

SREASON - 3232

OSVDB - 38499


Last Updated: 27 May 2016 10:46:10