The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
References
Link | Resource |
---|---|
http://osvdb.org/46979 | Broken Link |
http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt | Broken Link Vendor Advisory |
http://www.securityfocus.com/bid/25153 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
09 Feb 2024, 03:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-327 | |
References | () http://osvdb.org/46979 - Broken Link | |
References | () http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt - Broken Link, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/25153 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2007-08-03 20:17
Updated : 2024-02-09 03:19
NVD link : CVE-2007-4150
Mitre link : CVE-2007-4150
CVE.ORG link : CVE-2007-4150
JSON object : View
Products Affected
visionsoft
- audit
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm