5 matches found
Microsoft ActiveSync Null Pointer Dereference DoS Vulnerability
Microsoft ActiveSync is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft ActiveSync弱口令混淆信息泄露漏洞
BUGTRAQ ID: 25976 CVECAN ID: CVE-2007-5460 Microsoft ActiveSync是用于同步计算机与PDA的应用程序。 ActiveSync设备建立连接口令交换的过程实现上存在漏洞,攻击者可能利用此漏洞获取口令信息。 插入到USB口时设备会使用类似于标准网络接口的连接,获得IP地址后设备会通过RAPI在990/TCP端口初始化与主机的通讯,这个过程也会经历一个小型的握手例程,如果合适的话,会对主机挑战设备PIN或口令。用户提供了主机的PIN/口令后,会通过XOR与E9固定密钥进行混淆,然后通过USB网络连接发送给设备进行验证。...
CVE-2007-5460
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...
Code injection
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...
CVE-2007-5460
Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption XOR obfuscation with a fixed key when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by 1 sniffing or 2...