Vulnerability Description
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nettelephone | Nettelephone | 3.5.6 |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.htmlVendor Advisory
- http://www.iss.net/security_center/static/11007.php
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.htmlVendor Advisory
- http://www.iss.net/security_center/static/11007.php
FAQ
What is CVE-2003-1276?
CVE-2003-1276 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry ke...
How severe is CVE-2003-1276?
CVE-2003-1276 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1276?
Check the references section above for vendor advisories and patch information. Affected products include: Nettelephone Nettelephone.