The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
References
Link | Resource |
---|---|
http://osvdb.org/46979 | Broken Link |
http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt | Broken Link Vendor Advisory |
http://www.securityfocus.com/bid/25153 | Broken Link Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-08-03T20:00:00
Updated: 2008-11-15T10:00:00
Reserved: 2007-08-03T00:00:00
Link: CVE-2007-4150
JSON object: View
NVD Information
Status : Analyzed
Published: 2007-08-03T20:17:00.000
Modified: 2024-02-09T03:19:27.583
Link: CVE-2007-4150
JSON object: View
Redhat Information
No data.
CWE