Vulnerability Description
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Pcanywhere | 12.5 |
References
- http://securityreason.com/securityalert/1261
- http://www.digitalbullets.org/?p=3
- http://www.securityfocus.com/archive/1/440448/100/0/threaded
- http://securityreason.com/securityalert/1261
- http://www.digitalbullets.org/?p=3
- http://www.securityfocus.com/archive/1/440448/100/0/threaded
FAQ
What is CVE-2006-3785?
CVE-2006-3785 is a vulnerability with a CVSS score of 2.1 (LOW). Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the...
How severe is CVE-2006-3785?
CVE-2006-3785 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3785?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Pcanywhere.