Lucene search

[email protected]CVE-2001-1005

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-1005

2002-02-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1005

starfish truesync desktop

weak encryption

rex 5000 pda

registry key access.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.024

Percentile

90.1%

JSON

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.

Affected configurations

NVD

Node

starfishtruesync_desktopMatch2.0b

VendorProductVersionCPE
starfishtruesync_desktop2.0bcpe:/a:starfish:truesync_desktop:2.0b:::

Vendor	Product	Version	CPE
starfish	truesync_desktop	2.0b	cpe:/a:starfish:truesync_desktop:2.0b:::

References

www.securityfocus.com/archive/1/210067

www.securityfocus.com/bid/3231

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.024

Percentile

90.1%

JSON

Related for CVE-2001-1005

cvelist1 nvd1