Fiche créée le 2005-07-06 15:06:39, dernière mise à jour le 2010-05-28 20:41:42
Access Remote PC contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to RPC Subscription Service passwords by reading the 'HKEY_LOCAL_MACHINE\Software\Access Remote PC\Server\Proxy\RPCNumber' and 'HKEY_LOCAL_MACHINE\Software\Access Remote PC\Server\Proxy\Password' registry keys, which store that passwords without using encryption.
|
| |
| Access Remote PC 4.5.1 Affected |
| Access Remote PC 4.5 Affected |
| Access Remote PC 4.4.x Affected |
| Access Remote PC 4.3.x Affected |
| Access Remote PC 4.2.x Affected |
| Access Remote PC 4.1.x Affected |
| Access Remote PC 4.0.x Affected |
| Access Remote PC 3.x Possible Affected |
| |
Attack Type : Cryptographic
weak encryption (implementation or algorithm), no encryption (plaintext), sniffing. |
Découvert le 2005-07-04 15:06:38
|
Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information. |
| |
| Exploit : Exploit Public |
Exploit découvert le 2005-07-04 07:00:00
|
Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party.
Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection. |
| |
Location : Local Access Required
Requires a local account, shell access, etc. Any vulnerability that doesn't require network layer to exploit. |
| |
Location : Remote / Network Access
If network access if required and exploit can be done remotely. |
| |
| |
| External refs : |
| OSVDB 17749 |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
