Vulnerability Description
CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cryptocard | Crypto-Server | 6.4.55 |
References
- http://secunia.com/advisories/22138Vendor Advisory
- http://www.securityfocus.com/bid/21305
- http://www.vupen.com/english/advisories/2006/4710
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30557
- http://secunia.com/advisories/22138Vendor Advisory
- http://www.securityfocus.com/bid/21305
- http://www.vupen.com/english/advisories/2006/4710
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30557
FAQ
What is CVE-2006-6145?
CVE-2006-6145 is a vulnerability with a CVSS score of 2.1 (LOW). CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credenti...
How severe is CVE-2006-6145?
CVE-2006-6145 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6145?
Check the references section above for vendor advisories and patch information. Affected products include: Cryptocard Crypto-Server.