漏洞信息详情
DameWare迷你远程控制服务器明文加密密钥泄露漏洞
- CNNVD编号:CNNVD-200403-099
- 危害等级: 低危
- CVE编号: CVE-2004-1852
- 漏洞类型: 设计错误
- 发布时间: 2004-03-23
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: dameware_development
- 漏洞来源: .');">Discovery is credi...
漏洞简介
DameWare Mini Remote Control 3.74以前的3.x版本和4.2以前的4.x版本在纯文本中传输Blowfish加密密钥。远程攻击者借助该漏洞获得敏感信息。
漏洞公告
The vendor has released Mini Remote Control Server 3.74 to address this issue in 3.x versions and 4.2 to address this issue in 4.x versions. Additional information can be obtained from the vendor advisory available in web references. DameWare Development Mini Remote Control Server 4.0
- DameWare Development Mini Remote Control Server 4.2 http://www.dameware.com/download/
- DameWare Development Mini Remote Control Server 4.2 http://www.dameware.com/download/
参考网址
来源: XF 名称: dameware-encryption-key-plaintext(15586) 链接:http://xforce.iss.net/xforce/xfdb/15586 来源: BID 名称: 9959 链接:http://www.securityfocus.com/bid/9959 来源: www.dameware.com 链接:http://www.dameware.com/support/security/bulletin.asp?ID=SB3 来源: SECUNIA 名称: 11205 链接:http://secunia.com/advisories/11205 来源: OSVDB 名称: 4547 链接:http://www.osvdb.org/4547 来源: SECTRACK 名称: 1009557 链接:http://securitytracker.com/id?1009557 来源: BUGTRAQ 名称: 20040323 Dameware Passes Weak File Encryption Key in the Clear 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108016344224973&w=2
受影响实体
- Dameware_development Mini_remote_control_server:4.1_.0.0
- Dameware_development Mini_remote_control_server:4.0
- Dameware_development Mini_remote_control_server:3.73_.0.0
- Dameware_development Mini_remote_control_server:3.72_.0.0
- Dameware_development Mini_remote_control_server:3.70_.0.0
补丁
暂无
评论