CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
BID:21305
Info
CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
| Bugtraq ID: | 21305 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 27 2006 12:00AM |
| Updated: | Nov 29 2006 04:59PM |
| Credit: | nnposter is credited with the discovery of this vulnerability. |
| Vulnerable: |
CRYPTOCard CRYPTO-Server 6.4 CRYPTOCard CRYPTO-Server 6.3 |
| Not Vulnerable: |
CRYPTOCard CRYPTO-Server 6.4.56 |
Discussion
CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
CRYPTO-Server is prone to an information-disclosure vulnerability due to a design error.
Attackers could exploit this issue to access sensitive information that could aid in further attacks against the affected computer and related databases.
Versions 6.3 and 6.4 are vulnerable; other version may also be affected.
CRYPTO-Server is prone to an information-disclosure vulnerability due to a design error.
Attackers could exploit this issue to access sensitive information that could aid in further attacks against the affected computer and related databases.
Versions 6.3 and 6.4 are vulnerable; other version may also be affected.
Exploit / POC
CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
An attacker can exploit this issue by gaining local interactive access to a computer running the affected application and reading the affected file.
An attacker can exploit this issue by gaining local interactive access to a computer running the affected application and reading the affected file.
Solution / Fix
CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
The reporter of this issue states that version 6.4.56 is not affected by this issue. Users of affected packages should contact the vendor for more information.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
The reporter of this issue states that version 6.4.56 is not affected by this issue. Users of affected packages should contact the vendor for more information.
References
CRYPTOCard CRYPTO-Server Local Information Disclosure Vulnerability
References:
References:
- CRYPTOCard Home Page (CRYPTOCard)