Lucene search

[email protected]CVE-2004-2555

HistoryNov 21, 2005 - 11:00 a.m.

CVE-2004-2555

2005-11-2111:00:00

[email protected]

web.nvd.nist.gov

cve-2004-2555

riverdeep foolproof security

weak cryptography

windows 98

windows me

local users

password vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.

Affected configurations

NVD

Node

smartstufffoolproof_securityMatch3.9

smartstufffoolproof_securityMatch3.9.4

smartstufffoolproof_securityMatch3.9.7

CPENameOperatorVersion
smartstuff:foolproof_securitysmartstuff foolproof securityeq3.9
smartstuff:foolproof_securitysmartstuff foolproof securityeq3.9.4
smartstuff:foolproof_securitysmartstuff foolproof securityeq3.9.7

CPE	Name	Operator	Version
smartstuff:foolproof_security	smartstuff foolproof security	eq	3.9
smartstuff:foolproof_security	smartstuff foolproof security	eq	3.9.4
smartstuff:foolproof_security	smartstuff foolproof security	eq	3.9.7

References

archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html

secunia.com/advisories/11790

www.osvdb.org/6735

www.securityfocus.com/bid/10467

exchange.xforce.ibmcloud.com/vulnerabilities/16327

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2004-2555

nvd1 cvelist1