Vulnerability Details : CVE-2005-4860
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
Products affected by CVE-2005-4860
- cpe:2.3:a:spectrumcu:cash_receipting_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-4860
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-4860
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-02-14 |
CWE ids for CVE-2005-4860
-
The product uses a broken or risky cryptographic algorithm or protocol.Assigned by: nvd@nist.gov (Primary)
References for CVE-2005-4860
-
http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt
Apologies, page not found | Portcullis LabsBroken Link
-
http://marc.info/?l=bugtraq&m=111229613907550&w=2
'Vendor Response to Portculis Advisory 05-002: Spectrum Cash' - MARCMailing List
-
http://secunia.com/advisories/13985
About Secunia Research | FlexeraBroken Link;Vendor Advisory
Jump to