Microsoft Expression Media Plaintext Password Storage Weakness

2008-01-06T00:00:00
ID SSV:2774
Type seebug
Reporter Root
Modified 2008-01-06T00:00:00

Description

CVE-2007-5470

Microsoft Expression Media is prone to a weakness because passwords are stored in plain-text format. This issue stems from a design error in the catalog password-protection feature.

Attackers could use this issue in conjunction with other vulnerabilities in a host to gain access to user authentication credentials. This poses an additional risk since users may recycle credentials across multiple services.

Microsoft Expression Media 1 SP1 Microsoft官方发布了知识库文章详细介绍。请参阅参考资料以获取更多信息。