78 matches found
Design/Logic Flaw
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...
CVE-2009-1679
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...
CVE-2009-1679
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...
CVE-2009-1679
The CVE covers Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The Profiles component, when installing a configuration profile, can replace ActiveSync’s password policy with a weaker one, allowing physically proximate attackers to bypass the policy. Impact: bypass of password po...
Microsoft ActiveSync弱口令混淆信息泄露漏洞
BUGTRAQ ID: 25976 CVECAN ID: CVE-2007-5460 Microsoft ActiveSync是用于同步计算机与PDA的应用程序。 ActiveSync设备建立连接口令交换的过程实现上存在漏洞,攻击者可能利用此漏洞获取口令信息。 插入到USB口时设备会使用类似于标准网络接口的连接,获得IP地址后设备会通过RAPI在990/TCP端口初始化与主机的通讯,这个过程也会经历一个小型的握手例程,如果合适的话,会对主机挑战设备PIN或口令。用户提供了主机的PIN/口令后,会通过XOR与E9固定密钥进行混淆,然后通过USB网络连接发送给设备进行验证。...
CVE-2007-5460
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...
Code injection
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...
CVE-2007-5460
Microsoft ActiveSync 4.1 (used with Windows Mobile 5.0) contains a cryptographic weakness: PIN/Password is sent over USB using XOR obfuscation with a fixed key, enabling potential recovery of credentials if the host network is sniffed or the USB docking process is spoofed. Affected component/proc...
CVE-2007-5460
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...
Microsoft ActiveSync multiple vulnerabilities
During synchronization with broadcast media LAN or Wi-Fi all data, including authentication is sent cleartext and it's possible to spoof client or server. It's possible to access device without password, DoS...
[SA16283] Microsoft ActiveSync Denial of Service and Equipment ID Enumeration
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
Microsoft ActiveSync clear text password
Microsoft ActiveSync clear text password Microsoft ActiveSync is widely used to synchronies Windows based PDAs and smartphones with desktop computer. PDA can connect to PC via COM/USB/IR or LAN. Before synchronization user on PC must setup "partnership" to allow synchronization. If PDA is protect...
IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- IRM Security Advisory No. 004 ActiveSync version 3.5 Denial of Service Vulnerability Vulnerablity Type / Importance: Denial of Service / High Problem discovered: November 26th 2002 Vendor contacted: November 26th 2002 Advisory...
Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS
The remote service probably ActiveSync could be crashed by sending it a malformed packet advertising a wrong content-length. An attacker may use this flaw to disable this service remotely. It is not clear at this time if this vulnerability can be used to execute arbitrary code on this host,...
Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service
Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service // source: https://www.securityfocus.com/bid/7150/info A problem with ActiveSync could make it possible for remote users to trigger a denial of service. It has been reported that under some circumstances, the ActiveSync wcescom...
Microsoft ActiveSync 3.5 - Null Pointer Dereference Denial of Service
// source: https://www.securityfocus.com/bid/7150/info A problem with ActiveSync could make it possible for remote users to trigger a denial of service. It has been reported that under some circumstances, the ActiveSync wcescomm service can be forced to crash. Due to improper handling of some...
Проблемы с MS ActiveSync (locked workstation access)
Можно получить доступ к заблокированной рабочей станции...
ActiveSync can access a locked workstation w/o unlocking
Microsoft was notified on 3/28/2001, you may use my name when publishing this. I cannot register on your site, so I am trying the general e-mail addresses. Platforms tested: =================================================== Microsoft Windows 2000 Professional build 2195 w/ SP1 Microsoft...