Lucene search

MitreCVE-2006-1198

HistoryMar 14, 2006 - 1:06 a.m.

CVE-2006-1198

2006-03-1401:06:00

mitre

web.nvd.nist.gov

comvigo

im lock 2006

encryption

password

registry

bypass

security

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product’s blocking functionality by decrypting the password.

Affected configurations

Nvd

Node

comvigoim_lockMatchhome_2006

comvigoim_lockMatchprofessional_2006

VendorProductVersionCPE
comvigoim_lockhome_2006cpe:2.3:a:comvigo:im_lock:home_2006:*:*:*:*:*:*:*
comvigoim_lockprofessional_2006cpe:2.3:a:comvigo:im_lock:professional_2006:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comvigo	im_lock	home_2006	cpe:2.3:a:comvigo:im_lock:home_2006:::::::*
comvigo	im_lock	professional_2006	cpe:2.3:a:comvigo:im_lock:professional_2006:::::::*

References

secunia.com/advisories/19140

www.securityfocus.com/archive/1/426935/100/0/threaded

www.securityfocus.com/bid/16988

www.vupen.com/english/advisories/2006/0866

exchange.xforce.ibmcloud.com/vulnerabilities/25219

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-1198