Spectrum Cash Receipting System Weak Local Password Encryption Vulnerability
Info
| Bugtraq ID: | 12235 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jan 11 2005 12:00AM |
| Credit: | Discovery is credited to Paul J Docherty. |
| Vulnerable: | Spectrum Cash Receipting System 6.406.8 |
| Not Vulnerable: | |
Discussion
The Spectrum Cash Receipting System stores passwords in a local file for offline access. Passwords stored in this file are encrypted using a weak algorithm. Passwords for all users of the system are also stored in this file, allowing enumeration of user accounts.
This issue was reported to affect Spectrum Cash Receipting System 6.406.08; however, other versions are likely affected.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor reports that this issue is resolved in version 6.504 of the application. Customers are advised to contact the vendor about obtaining and applying an appropriate update.
References
References:
- Vendor Response to Portculis Advisory 05-002: Spectrum Cash ("Paul J Docherty")