Search...

Macromedia Dreamweaver Weak FTP Password Encryption

1998-06-11T00:00:00

ID OSVDB:6641
Type osvdb
Reporter Jeff Forristal(jeff@neohapsis.com)
Modified 1998-06-11T00:00:00

Description

Vulnerability Description

Dreamweaver contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to weakly encrypted passwords, which may lead to a loss of confidentiality.

Solution Description

Upgrade to version 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Dreamweaver contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to weakly encrypted passwords, which may lead to a loss of confidentiality.

References:

Vendor URL: http://www.macromedia.com/software/dreamweaver/ Security Tracker: 1005529 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0506.html ISS X-Force ID: 1636 CVE-1999-1271

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "1998-06-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6641", "bulletinFamily": "software", "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/", "score": 2.1}, "viewCount": 2, "edition": 1, "reporter": "Jeff Forristal(jeff@neohapsis.com)", "title": "Macromedia Dreamweaver Weak FTP Password Encryption", "affectedSoftware": [{"operator": "eq", "version": "3.01", "name": "Dreamweaver"}, {"operator": "eq", "version": "2", "name": "Dreamweaver"}], "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2017-04-28T13:20:01", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-1999-1271"]}], "modified": "2017-04-28T13:20:01", "rev": 2}, "vulnersScore": 5.1}, "references": [], "id": "OSVDB:6641", "lastseen": "2017-04-28T13:20:01", "cvelist": ["CVE-1999-1271"], "modified": "1998-06-11T00:00:00", "description": "## Vulnerability Description\nDreamweaver contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to weakly encrypted passwords, which may lead to a loss of confidentiality.\n## Solution Description\nUpgrade to version 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nDreamweaver contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to weakly encrypted passwords, which may lead to a loss of confidentiality.\n## References:\nVendor URL: http://www.macromedia.com/software/dreamweaver/\nSecurity Tracker: 1005529\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0506.html\nISS X-Force ID: 1636\n[CVE-1999-1271](https://vulners.com/cve/CVE-1999-1271)\n"}

{"cve": [{"lastseen": "2021-02-02T05:19:02", "description": "Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.", "edition": 4, "cvss3": {}, "published": "1998-06-11T04:00:00", "title": "CVE-1999-1271", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-1999-1271"], "modified": "2017-12-19T02:29:00", "cpe": ["cpe:/a:macromedia:dreamweaver:initial"], "id": "CVE-1999-1271", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1271", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:macromedia:dreamweaver:initial:*:*:*:*:*:*:*"]}]}