CVE-2004-2555

Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html	Exploit
http://www.securityfocus.com/bid/10467	Exploit
http://www.osvdb.org/6735	Exploit
http://secunia.com/advisories/11790
https://exchange.xforce.ibmcloud.com/vulnerabilities/16327

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:smartstuff:foolproof_security:3.9:::::::*
	cpe:2.3:a:smartstuff:foolproof_security:3.9.4:::::::*
	cpe:2.3:a:smartstuff:foolproof_security:3.9.7:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2004-2555

Mitre link : CVE-2004-2555

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

smartstuff

foolproof_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html", "name": "20040604 [CYSA-0329] Password recovery vulnerability in FoolProof Security 3.9.x for Windows 95/9", "tags": ["Exploit"], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/bid/10467", "name": "10467", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/6735", "name": "6735", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/11790", "name": "11790", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16327", "name": "foolproof-admin-password-recovery(16327)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2555", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:smartstuff:foolproof_security:3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:smartstuff:foolproof_security:3.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:smartstuff:foolproof_security:3.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}