CVE-2008-0580

Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/3611
http://www.securityfocus.com/archive/1/487269/100/0/threaded
http://www.securityfocus.com/bid/27500
http://securityreason.com/securityalert/3611
http://www.securityfocus.com/archive/1/487269/100/0/threaded
http://www.securityfocus.com/bid/27500

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:geert_moernaut:lsrunase::::::::
	cpe:2.3:a:geert_moernaut:supercrypt::::::::

History

21 Nov 2024, 00:42

Type	Values Removed	Values Added
References	~~() http://securityreason.com/securityalert/3611 -~~	() http://securityreason.com/securityalert/3611 -
References	~~() http://www.securityfocus.com/archive/1/487269/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/487269/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/27500 -~~	() http://www.securityfocus.com/bid/27500 -

Information

Published : 2008-02-05 03:00

Updated : 2025-04-09 00:30

NVD link : CVE-2008-0580

Mitre link : CVE-2008-0580

CVE.ORG link : CVE-2008-0580

JSON object : View

Products Affected

geert_moernaut

lsrunase
supercrypt

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-0580", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-02-05T03:00:00.000", "references": [{"url": "http://securityreason.com/securityalert/3611", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487269/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27500", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3611", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/487269/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27500", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering."}, {"lang": "es", "value": "Geert Moernaut LSrunasE y Supercrypt usan una clave de encriptaci\u00f3n compuesta por un hash SHA1 de una cadena fija embebida en el archivo ejecutable, lo que facilita que los usuarios locales puedan obtener esta clave sin ingenier\u00eda inversa."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:geert_moernaut:lsrunase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC997E02-5B99-4195-83BA-505903D6145A"}, {"criteria": "cpe:2.3:a:geert_moernaut:supercrypt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8520B808-FC38-4659-BB93-D3764DF901C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}