CVE-2005-1166

The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=111358825101305&w=2
http://securitytracker.com/id?1013725
http://www.osvdb.org/15275
http://www.shellsec.net/leer_advisory.php?id=7
http://marc.info/?l=bugtraq&m=111358825101305&w=2
http://securitytracker.com/id?1013725
http://www.osvdb.org/15275
http://www.shellsec.net/leer_advisory.php?id=7

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dameware_development:dameware_nt_utilities::::::::
	cpe:2.3:a:dameware_development:miniremote_control::::::::

History

20 Nov 2024, 23:56

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=111358825101305&w=2 -~~	() http://marc.info/?l=bugtraq&m=111358825101305&w=2 -
References	~~() http://securitytracker.com/id?1013725 -~~	() http://securitytracker.com/id?1013725 -
References	~~() http://www.osvdb.org/15275 -~~	() http://www.osvdb.org/15275 -
References	~~() http://www.shellsec.net/leer_advisory.php?id=7 -~~	() http://www.shellsec.net/leer_advisory.php?id=7 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:56

NVD link : CVE-2005-1166

Mitre link : CVE-2005-1166

CVE.ORG link : CVE-2005-1166

JSON object : View

Products Affected

dameware_development

dameware_nt_utilities
miniremote_control

CWE

NVD-CWE-Other

{"id": "CVE-2005-1166", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=111358825101305&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013725", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/15275", "source": "cve@mitre.org"}, {"url": "http://www.shellsec.net/leer_advisory.php?id=7", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=111358825101305&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1013725", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/15275", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.shellsec.net/leer_advisory.php?id=7", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information."}], "lastModified": "2024-11-20T23:56:45.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dameware_development:dameware_nt_utilities:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4276059F-F29F-4898-8436-748EE8AEEFF8", "versionEndIncluding": "4.9"}, {"criteria": "cpe:2.3:a:dameware_development:miniremote_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D23CE158-8E62-414A-83E0-1CC8AFA91AE6", "versionEndIncluding": "4.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}