CVE-2002-1946 — MEDIUM (5.5)

Vulnerability Description

Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Tata	Integrated Dialer	1.2.000

Related Weaknesses (CWE)

CWE-326

References

http://archives.neohapsis.com/archives/bugtraq/2002-10/0438.htmlBroken Link
http://www.iss.net/security_center/static/10517.phpBroken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0438.htmlBroken Link
http://www.iss.net/security_center/static/10517.phpBroken Link

FAQ

What is CVE-2002-1946?

CVE-2002-1946 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry ke...

How severe is CVE-2002-1946?

CVE-2002-1946 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-1946?

Check the references section above for vendor advisories and patch information. Affected products include: Tata Integrated Dialer.