Blowfish Encryption Key Exposure in DameWare Mini Remote Control by DameWare
CVE-2004-1852

Currently unrated

Key Information:

Vendor: Solarwinds
Status: Dameware Mini Remote Control
Vendor: CVE Published:; 23 March 2004

Summary

The DameWare Mini Remote Control application in versions 3.x prior to 3.74 and 4.x prior to 4.2 transmits the Blowfish encryption key in plaintext. This flaw allows remote attackers to intercept sensitive information, thereby increasing the risk of unauthorized access and exploitation of the remote control functionality. Users are advised to upgrade to the latest versions to mitigate this vulnerability, ensuring encryption keys are properly secured.

References

http://www.dameware.com/support/security/bulletin.asp?ID=SB3

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=108016344224973&w=2

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/15586

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Mar 23, 2004