CVE-2007-6340

The connected advisory confirms CVE-2007-6340 affects LSrunasE 1.0 and Supercrypt 1.0 and explains the root cause: RC4 is used without a unique initialization vector, deriving a constant keystream across all passwords. This insecure design allows an attacker with local access to break encryption ...

CVE-2008-0581

CVE-2008-0581 involves Geert Moernaut LSrunasE and describes a local privilege escalation where a user can obtain the encrypted password from a batch file and then create a modified batch file that uses the /password switch to supply that password and the /command switch to run an arbitrary progr...