Computer Security

CVE-2007-0889
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-0889
StatusCandidate
DescriptionKiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file.  NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.
SeverityMedium
CVSS score4,9
CVSS vector(AV:L/AC:L/Au:NR/C:P/I:P/A:P/B:N)
PhaseAssigned (12.02.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0889
ReferencesBUGTRAQ : 20070208 TFTP directory traversal in Kiwi CatTools
 SECUNIA : 24103
SecurityVulns:Kiwi CatTools TFTO directory traversal
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server