NetSupport School Weak Password Encryption Vulnerability
BID:9981
Info
NetSupport School Weak Password Encryption Vulnerability
| Bugtraq ID: | 9981 |
| Class: | Design Error |
| CVE: |
CVE-2004-1861 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 26 2004 12:00AM |
| Updated: | Sep 10 2007 09:41PM |
| Credit: | Discovery of this issue is credited to "spiffomatic 64" <[email protected]>. |
| Vulnerable: |
NetSupport School 7.5 NetSupport School 7.0 1 NetSupport School 7.0 |
| Not Vulnerable: |
NetSupport School 7.50f1 |
Discussion
NetSupport School Weak Password Encryption Vulnerability
NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme.
Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.
NetSupport School is prone to a password-encryption vulnerability because the application fails to protect passwords with a sufficiently effective encryption scheme.
Exploiting this issue may allow an attacker to access user and administrator passwords for the affected application.
Exploit / POC
NetSupport School Weak Password Encryption Vulnerability
The following exploit has been provided:
The following exploit has been provided:
Solution / Fix
NetSupport School Weak Password Encryption Vulnerability
Solution:
The vendor has released updates to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released updates to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.
References
NetSupport School Weak Password Encryption Vulnerability
References:
References:
- NetSupport School Home Page (NetSupport)
- Setting the Manager Client or School Student to store security keys using a high (NetSupport)