511 matches found
ArGoSoft FTP Server 1.2.2.2 Weak password encryption
ArGoSoft FTP Server 1.2.2.2 Weak password encryption AFFECTED SYSTEMS ArGoSoft FTP Server 1.2.2.2 DESCRIPTION ArGoSoft FTP Server 1.2.2.2 for win32 is vulnerable to decryption of the password file. As a matter of fact the programmers are aware of this since they have implemented decryption...
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However due to a weak encryption scheme it is possible for a use...
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However d...
CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption AFFECTED SYSTEMS CesarFTP v0.98b on Windows 9x / ME DESCRIPTION 1 Directory Traversal First, we need a directory where we have access to on the victim host... Or we can create one if we have enough rights ftp://127.0.0.1/...
GuildFTPD v0.97 Directory Traversal / Weak password encryption
GuildFTPD v0.97 Directory Traversal / Weak password encryption AFFECTED SYSTEMS GuildFTPD v0.97 tested on Windows 9x, probably works on NT / 2k as well DESCRIPTION 1 Directory Traversal Consider the following FTP session I'm using windows' FTP.EXE proggie, and its associated commands : The...
CVE-2001-0133
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded...
IBM Net.Commerce 3.13.2 Websphere - Weak Password
IBM Net.Commerce 3.13.2 Websphere - Weak Password source: https://www.securityfocus.com/bid/2482/info Versions of IBM NetCommerce and WebSphere Commerce Suite ecommerce packages employ weak password encryption for their users' and administrators' passwords. This encryption is defeatable using a...
Flowerfire Sawmill 5.0.21 - Weak Password Encryption
Flowerfire Sawmill 5.0.21 - Weak Password Encryption // source: https://www.securityfocus.com/bid/1403/info Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill bid =...
Flowerfire Sawmill 5.0.21 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/1403/info Sawmill is a site statistics package for Unix, Windows and Mac OS. Passwords are encrypted using a weak hash function. This combined with the file disclosure vulnerability in Sawmill bid = 1402 could allow an attacker to read the contents of...
Visible Systems Razor 4.1 - Password File (2)
Visible Systems Razor 4.1 - Password File 2 source: https://www.securityfocus.com/bid/1424/info The Razor Configuration Management program stores passwords in an insecure manner. A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or us...
McMurtrey/Whitaker & Associates Cart32 2.6/3.0 - Remote Administration Password
source: https://www.securityfocus.com/bid/1153/info Within cart32.exe, entering any password by way of http://target/scripts/cart32.exe/cart32clientlist, a remote user could obtain vital client information such as username, password, credit card numbers, and other crucial details. Passwords will...
Слабое шифрование пароля в PC Anywhere
По-умолчанию используется шифрование паролей тривиальным методом, пароль может быть перехвачен и полностью восстановлен. Перехваченный пароль является паролем учетной записи Windows NT...
FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption
FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption // source: https://www.securityfocus.com/bid/1003/info FTP Explorer includes the option to store profiles of visited FTP sites. The user's name and password can also be stored. These stored values are kept in the registry, under the key...
FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/1003/info FTP Explorer includes the option to store profiles of visited FTP sites. The user's name and password can also be stored. These stored values are kept in the registry, under the key HKCU\Software\FTP Explorer\Profiles\ProfileName\ . The...
CVE-2000-0093
The CVE-2000-0093 entry concerns Red Hat installations that use DES-encrypted passwords via crypt() for the initial password instead of MD5. Affected component is the initial password handling in Red Hat setups; root cause is the use of DES crypt() rather than a stronger hash. Documents explicitl...
CVE-2000-0093
An installation of Red Hat uses DES password encryption with crypt for the initial password, instead of md5...
PT-2000-1082 · Red Hat · Red Hat
Name of the Vulnerable Software and Affected Versions: Red Hat affected versions not specified Description: The issue is related to the use of DES password encryption with crypt for the initial password in Red Hat installations, instead of using md5 encryption. Recommendations: At the moment, the...
Ipswitch IMail Server 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 - Weak Password Encryption
// source: https://www.securityfocus.com/bid/880/info IMail keeps the encrypted passwords for email accounts in a registry key, HKLM\SOFTWARE\Ipswitch\Imail\Domains\DomainName\Users\UserName, in a string value called "Password". The encryption scheme used is weak and has been broken. The followin...
pegasus.mail.passwd.txt
Date: Sat, 15 May 1999 12:42:12 +0000 From: galldor To: [email protected] Subject: Pegasus Mail weak encryption --------------------------------------------------------------------- Pegasus Mail Weak Encryption Versions Effected: ALL but I wrote about the V2 encryption on 3.0+ Bug Found by:...
topdesk.passwd.txt
Date: Mon, 15 Feb 1999 14:05:52 GMT From: dapozza To: [email protected] Subject: lame TOPdesk program encryption Hi all, I was just playing with a program called TOPdesk, it's a helpdesk program and you have the usual login for normal users and superusers. I don't know if this is a Dutch only...