CVE-2002-0064

CVE-2002-0064 affects Funk Software’s Proxy Host v3.x on Windows 2000/NT4/9x. The issues include: (1) default filesystem and registry permissions granting the Everyone group excessive access, enabling modification of host settings and passwords; (2) passwords stored in recoverable formats (obfusc...

CVE-2002-1676

The CVE-2002-1676 entry affects BindView NetInventory 1.0 when used with NetRC 1.0. The vulnerability concerns the HOSTCFG._NI file: if deleted, an audit process rewrites HOSTCFG._NI to HOSTCFG.INI, causing passwords to be stored in cleartext until the audit completes. This describes local privil...

CVE-2002-0065

The CVE-2002-0065 issue affects Funk Software Proxy Host 3.x on Windows 2000/NT4 and Windows 9x. The root cause is weakly encrypted/stored passwords (obfuscated registry value on Windows 2000/NT4; PHOST.INI on Windows 9x), enabling local users to recover passwords and gain privileges. The attack ...

CVE-2002-0066

Funk Software Proxy Host 3.x contains multiple issues, primarily: (1) a Windows Named Pipe created by Proxy Host that is accessible with Everyone Full Control, allowing local/remote users to invoke configuration utilities and potentially gain privileges; (2) insecure password storage and recovery...