Vulnerability Description
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Scarybear | Pocketexpense Pro | 3.9.1 |
References
- http://airscanner.com/security/06062602_pocketexpensepro.htmExploitVendor Advisory
- http://securityreason.com/securityalert/1559
- http://www.securityfocus.com/archive/1/445607/100/0/threaded
- http://airscanner.com/security/06062602_pocketexpensepro.htmExploitVendor Advisory
- http://securityreason.com/securityalert/1559
- http://www.securityfocus.com/archive/1/445607/100/0/threaded
FAQ
What is CVE-2006-4745?
CVE-2006-4745 is a vulnerability with a CVSS score of 3.6 (LOW). ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file ...
How severe is CVE-2006-4745?
CVE-2006-4745 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4745?
Check the references section above for vendor advisories and patch information. Affected products include: Scarybear Pocketexpense Pro.