CVE-2014-0361 — LOW (3.0) — White Hats Nepal

Vulnerability Description

The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file.

CVSS Score

3.0

LOW

AV:L/AC:M/Au:S/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Toshibacommerce	4690 Point Of Sale Operating System	6.2

Related Weaknesses (CWE)

CWE-310

References

http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054Vendor Advisory
http://www.kb.cert.org/vuls/id/622950US Government Resource
http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054Vendor Advisory
http://www.kb.cert.org/vuls/id/622950US Government Resource

FAQ

What is CVE-2014-0361?

CVE-2014-0361 is a vulnerability with a CVSS score of 3.0 (LOW). The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-depe...

How severe is CVE-2014-0361?

CVE-2014-0361 has been rated LOW with a CVSS base score of 3.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0361?

Check the references section above for vendor advisories and patch information. Affected products include: Toshibacommerce 4690 Point Of Sale Operating System.