Dameware Passes Weak File Encryption Key in the Clear

Dameware Mini Remote Control version 4.1.0.0 and presumably other versions pass a Blowfish encryption key over the wire in the clear. It is bad enough that they appear to be using Blowfish in Electronic Codebook Mode; but they compound their errors by the following two vulnerabilities. The Damewa...

CVE-2004-1852

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information...