Vulnerability Description
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spectrumcu | Cash Receipting System | < 6.504 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=111229613907550&w=2Mailing List
- http://secunia.com/advisories/13985Broken LinkVendor Advisory
- http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%20Broken Link
- http://marc.info/?l=bugtraq&m=111229613907550&w=2Mailing List
- http://secunia.com/advisories/13985Broken LinkVendor Advisory
- http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%20Broken Link
FAQ
What is CVE-2005-4860?
CVE-2005-4860 is a vulnerability with a CVSS score of 7.8 (HIGH). Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a passwo...
How severe is CVE-2005-4860?
CVE-2005-4860 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4860?
Check the references section above for vendor advisories and patch information. Affected products include: Spectrumcu Cash Receipting System.