Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6340

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2007-6340
Last Modified 05 Sep 2008 05:32:59
Published 04 Feb 2008 10:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-6340

Summary

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.

Vulnerable Systems

Application

  • Moernaut Lsrunase 1.0

  • Moernaut Supercrypt 1.0


References

CONFIRM - http://www.moernaut.com/default.aspx?item=supercrypt

CONFIRM - http://www.moernaut.com/default.aspx?item=lsrunase

BUGTRAQ - 20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

SREASON - 3611


Last Updated: 27 May 2016 10:46:28