Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3147

Overview

Vulnerability Score 4.7 4.7
CVE Id CVE-2008-3147
Last Modified 03 Jun 2009 01:21:08
Published 11 Jul 2008 03:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3147

Summary

WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files.

Vulnerable Systems

Application

  • Wefi 3.2.1.4.1


References

XF - wefi-clientwefilog-info-disclosure(43621)

BID - 30088

BUGTRAQ - 20080708 Re: Local vulnerability in WeFi Client v3.2.1.4.1(Update)

BUGTRAQ - 20080704 Local vulnerability in WeFi Client v3.2.1.4.1(Update)

SREASON - 3987

SECUNIA - 30966

OSVDB - 51543


Last Updated: 27 May 2016 10:48:05