Vulnerability Description
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datakey | Rainbow Ikey2032 Usb Token | All versions |
References
- http://marc.info/?l=bugtraq&m=109164096013467&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16887
- http://marc.info/?l=bugtraq&m=109164096013467&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16887
FAQ
What is CVE-2004-1709?
CVE-2004-1709 is a vulnerability with a CVSS score of 2.1 (LOW). Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users...
How severe is CVE-2004-1709?
CVE-2004-1709 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1709?
Check the references section above for vendor advisories and patch information. Affected products include: Datakey Rainbow Ikey2032 Usb Token.