Vulnerability Description
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mckesson | Pathways Homecare | 6.5 |
Related Weaknesses (CWE)
References
- http://www.iss.net/security_center/static/7682.phpBroken Link
- http://www.securityfocus.com/archive/1/244367Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/3653Broken LinkExploitThird Party Advisory
- http://www.iss.net/security_center/static/7682.phpBroken Link
- http://www.securityfocus.com/archive/1/244367Broken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/3653Broken LinkExploitThird Party Advisory
FAQ
What is CVE-2001-1546?
CVE-2001-1546 is a vulnerability with a CVSS score of 7.8 (HIGH). Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
How severe is CVE-2001-1546?
CVE-2001-1546 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1546?
Check the references section above for vendor advisories and patch information. Affected products include: Mckesson Pathways Homecare.