Vulnerability 2067 - CERT Civis.Net

Vulnerability Name:

CCN-2067

Published:

1999-04-05

Updated:

1999-04-05

Summary:

WinGate stores passwords by default in a system registry key with world-readable permissions. Combined with the weak encryption algorithm used to protect these passwords, it is trivial for an attacker with access to the WinGate server to gain access to them.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Mon, 5 Apr 1999 17:52:51 -0700
Multiple WinGate Vulnerabilities[Tad late]

Source: XF
Type: UNKNOWN
wingate-registry-passwords(2067)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:qbik:wingate:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK