Lucene search

[email protected]CVE-2001-1005

HistoryAug 31, 2001 - 4:00 a.m.

CVE-2001-1005

2001-08-3104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1005

starfish truesync desktop

weak encryption

rex 5000 pda

registry key access.

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.1%

JSON

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.

CPENameOperatorVersion
starfish:truesync_desktopstarfish truesync desktopeq2.0b

CPE	Name	Operator	Version
starfish:truesync_desktop	starfish truesync desktop	eq	2.0b

References

www.securityfocus.com/archive/1/210067

www.securityfocus.com/bid/3231

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.1%

JSON