CVE-2006-3785

Currently unrated

Key Information:

Vendor: Symantec
Status: Pcanywhere
Vendor: CVE Published:; 24 July 2006

Summary

Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

References

http://www.securityfocus.com/archive/1/440448/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.digitalbullets.org/?p=3

x_refsource_MISC

http://securityreason.com/securityalert/1261

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Jul 24, 2006
Vulnerability Reserved
Jul 21, 2006