Lucene search
K

78 matches found

Prion
Prion
added 2009/06/19 4:30 p.m.18 views

Design/Logic Flaw

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...

2.1CVSS6.7AI score0.00356EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2009/06/19 4:30 p.m.20 views

CVE-2009-1679

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...

2.1CVSS6.2AI score0.00356EPSS
Exploits0References7
Cvelist
Cvelist
added 2009/06/19 4:0 p.m.24 views

CVE-2009-1679

The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...

6.2AI score0.00356EPSS
Exploits0References7
CVE
CVE
added 2009/06/19 4:0 p.m.52 views

CVE-2009-1679

The CVE covers Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The Profiles component, when installing a configuration profile, can replace ActiveSync’s password policy with a weaker one, allowing physically proximate attackers to bypass the policy. Impact: bypass of password po...

2.1CVSS6.3AI score0.00356EPSS
Exploits0References7Affected Software1
seebug.org
seebug.org
added 2007/10/18 12:0 a.m.38 views

Microsoft ActiveSync弱口令混淆信息泄露漏洞

BUGTRAQ ID: 25976 CVECAN ID: CVE-2007-5460 Microsoft ActiveSync是用于同步计算机与PDA的应用程序。 ActiveSync设备建立连接口令交换的过程实现上存在漏洞,攻击者可能利用此漏洞获取口令信息。 插入到USB口时设备会使用类似于标准网络接口的连接,获得IP地址后设备会通过RAPI在990/TCP端口初始化与主机的通讯,这个过程也会经历一个小型的握手例程,如果合适的话,会对主机挑战设备PIN或口令。用户提供了主机的PIN/口令后,会通过XOR与E9固定密钥进行混淆,然后通过USB网络连接发送给设备进行验证。...

7.1CVSS6.5AI score0.02219EPSS
Exploits1
NVD
NVD
added 2007/10/15 10:17 p.m.22 views

CVE-2007-5460

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...

7.1CVSS4.7AI score0.02219EPSS
Exploits1References5
Prion
Prion
added 2007/10/15 10:17 p.m.18 views

Code injection

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...

7.1CVSS6.9AI score0.02219EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2007/10/15 10:0 p.m.69 views

CVE-2007-5460

Microsoft ActiveSync 4.1 (used with Windows Mobile 5.0) contains a cryptographic weakness: PIN/Password is sent over USB using XOR obfuscation with a fixed key, enabling potential recovery of credentials if the host network is sniffed or the USB docking process is spoofed. Affected component/proc...

7.1CVSS4.7AI score0.02219EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2007/10/15 10:0 p.m.35 views

CVE-2007-5460

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...

4.6AI score0.02219EPSS
Exploits1References5
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.33 views

Microsoft ActiveSync multiple vulnerabilities

During synchronization with broadcast media LAN or Wi-Fi all data, including authentication is sent cleartext and it's possible to spoof client or server. It's possible to access device without password, DoS...

3.1AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.27 views

[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID Enumeration

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2005/08/02 12:0 a.m.266 views

Microsoft ActiveSync clear text password

Microsoft ActiveSync clear text password Microsoft ActiveSync is widely used to synchronies Windows based PDAs and smartphones with desktop computer. PDA can connect to PC via COM/USB/IR or LAN. Before synchronization user on PC must setup "partnership" to allow synchronization. If PDA is protect...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2003/03/22 12:0 a.m.31 views

IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 004 ActiveSync version 3.5 Denial of Service Vulnerability Vulnerablity Type / Importance: Denial of Service / High Problem discovered: November 26th 2002 Vendor contacted: November 26th 2002 Advisory...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2003/03/22 12:0 a.m.20 views

Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS

The remote service probably ActiveSync could be crashed by sending it a malformed packet advertising a wrong content-length. An attacker may use this flaw to disable this service remotely. It is not clear at this time if this vulnerability can be used to execute arbitrary code on this host,...

5.8AI score
Exploits0
exploitpack
exploitpack
added 2003/03/20 12:0 a.m.21 views

Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service

Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service // source: https://www.securityfocus.com/bid/7150/info A problem with ActiveSync could make it possible for remote users to trigger a denial of service. It has been reported that under some circumstances, the ActiveSync wcescom...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/20 12:0 a.m.27 views

Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service

// source: https://www.securityfocus.com/bid/7150/info A problem with ActiveSync could make it possible for remote users to trigger a denial of service. It has been reported that under some circumstances, the ActiveSync wcescomm service can be forced to crash. Due to improper handling of some...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/04/17 12:0 a.m.49 views

Проблемы с MS ActiveSync (locked workstation access)

Можно получить доступ к заблокированной рабочей станции...

1.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/04/17 12:0 a.m.24 views

ActiveSync can access a locked workstation w/o unlocking

Microsoft was notified on 3/28/2001, you may use my name when publishing this. I cannot register on your site, so I am trying the general e-mail addresses. Platforms tested: =================================================== Microsoft Windows 2000 Professional build 2195 w/ SP1 Microsoft...

7AI score
Exploits0
Rows per page
Query Builder