||Unspecified vulnerability in SecureICA and ICA Basic encryption of
Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and
earlier, and Desktop Server 1.0 can cause clients to use weaker
encryption settings than configured by the administrator, which might
allow attackers to bypass intended restrictions.
||axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x
before 6.9.176 generates credentials with a fixed salt or without any
salt, which makes it easier for remote attackers to guess encrypted
||The crypt_gensalt functions for BSDI-style extended DES-based and
FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and
earlier do not evenly and randomly distribute salts, which makes it
easier for attackers to guess passwords from a stolen password file
due to the increased number of collisions.
||The installation of Sun ONE Application Server 7.0 for Windows 2000/XP
creates a statefile with world-readable permissions, which allows
local users to gain privileges by reading a plaintext password in the
||PalmVNC 1.40 and earlier stores passwords in plaintext in the
PalmVNCDB, which is backed up to PCs that the Palm is synchronized
with, which could allow attackers to gain privileges.
||PuTTY 0.53b and earlier does not clear logon credentials from memory,
including plaintext passwords, which could allow attackers with access
to memory to steal the SSH credentials.
||SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX
2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear
logon credentials from memory, including plaintext passwords, which
could allow attackers with access to memory to steal the SSH
||AbsoluteTelnet SSH2 client does not clear logon credentials from
memory, including plaintext passwords, which could allow attackers
with access to memory to steal the SSH credentials.
||The encryption algorithms for enable and passwd commands on Cisco PIX
Firewall can be executed quickly due to a limited number of rounds,
which make it easier for an attacker to decrypt the passwords using
brute force techniques.
||Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and
RDP 5.1 in Windows XP does not encrypt the checksums of plaintext
session data, which could allow a remote attacker to determine the
contents of encrypted sessions via sniffing, aka "Weak Encryption in
||Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the
administrative console password in plaintext in the abyss.conf file,
which allows local users with access to the file to gain privileges.
"session timeout" re-authentication capability, which could allow
local users with access to gain privileges of other Xpede users by
reading the password from the source file, e.g. from the browser's
||VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router
before 1.40.1 reduces the key lengths for keys that are supplied via
manual key entry, which makes it easier for attackers to crack the
||Symantec Ghost 7.0 stores usernames and passwords in plaintext in the
NGServer\params registry key, which could allow an attacker to gain
||Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores
usernames and passwords for a local LiveUpdate server in cleartext in
the registry, which may allow remote attackers to impersonate the
||Hotline Client 1.8.5 stores sensitive user information, including
passwords, in plaintext in the bookmarks file, which could allow local
users with access to the bookmarks file to gain privileges by
extracting the passwords.
||InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and
account data in plaintext in (1) .pwd files in the miniportal/apache
directory, or (2) mplog.txt, which could allow local users to gain
||Bugzilla before 2.14 does not restrict access to sanitycheck.cgi,
which allows local users to cause a denial of service (CPU
consumption) via a flood of requests to sanitycheck.cgi.
||Bugzilla before 2.14 stores user passwords in plaintext and sends
password requests in an email message, which could allow attackers to
||NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak
hashing, a fixed salt value and modulo 40 calculations, which allows
remote attackers to conduct brute force password guessing attacks
against the administrator account on port 7021.
||NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in
SurgeFTP, DMail, and possibly other packages, uses weak password
hashing, which could allow local users to decrypt passwords or use a
different password that has the same hash value as the correct
||CesarFTP 0.98b and earlier stores usernames and passwords in plaintext
in the settings.ini file, which allows attackers to gain privileges.
||Respondus 1.1.2 for WebCT uses weak encryption to remember usernames
and passwords, which allows local users who can read the WEBCT.SVR
file to decrypt the passwords and gain additional privileges.
||UltraEdit uses weak encryption to record FTP passwords in the
uedit32.ini file, which allows local users who can read the file to
decrypt the passwords and gain privileges.
||PHP-Nuke 5.1 stores user and administrator passwords in a base-64
encoded cookie, which could allow remote attackers to gain privileges
by stealing or sniffing the cookie and decoding it.
||A long 'synch' delay in Logitech wireless mice and keyboard receivers
allows a remote attacker to hijack connections via a man-in-the-middle
||Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and
earlier for the PalmOS allows a local attacker to recover passwords
via a brute force attack. This attack is made feasible by STRIP's use
of SysRandom, which is seeded by TimeGetTicks, and an implementation
flaw which vastly reduces the password 'search space'.
||CoffeeCup Direct and Free FTP clients uses weak encryption to store
passwords in the FTPServers.ini file, which could allow attackers to
easily decrypt the passwords.
||Microsys CyberPatrol uses weak encryption (trivial encoding) for
credit card numbers and uses no encryption for the remainder of the
information during registration, which could allow attackers to sniff
network traffic and obtain this sensitive information.
||PalmOS 3.5.2 and earlier uses weak encryption to store the user
password, which allows attackers with physical access to the Palm
device to decrypt the password and gain access to the device.
||Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to
store usernames and passwords in the SNMP MIB, which allows an
attacker who knows the community name to crack the password and gain
||WinU 5.x and earlier uses weak encryption to store its configuration
password, which allows local users to decrypt the password and gain
||NetZero 3.0 and earlier uses weak encryption for storing a user's
login information, which allows a local user to decrypt the password.
||SawMill 5.0.21 uses weak encryption to store passwords, which allows
attackers to easily decrypt the password and modify the SawMill
||The Razor configuration management tool uses weak encryption for its
password file, which allows local users to gain privileges.
||eTrust Intrusion Detection System (formerly SessionWall-3) uses weak
encryption (XOR) to store administrative passwords in the registry,
which allows local users to easily decrypt the passwords.
||PassWD 1.2 uses weak encryption (trivial encoding) to store passwords,
which allows an attacker who can read the password file to easliy
decrypt the passwords.
||The Protected Store in Windows 2000 does not properly select the
strongest encryption when available, which causes it to use a default
of 40-bit encryption instead of 56-bit DES encryption, aka the
"Protected Store Key Length" vulnerability.
||Omnis Studio 2.4 uses weak encryption (trivial encoding) for
encrypting database fields.
||The default configuration of SYSKEY in Windows 2000 stores the startup
key in the registry, which could allow an attacker tor ecover it and
use it to decrypt Encrypted File System (EFS) data.
||Meeting Maker uses weak encryption (a polyalphabetic substitution
cipher) for passwords, which allows remote attackers to sniff and
decrypt passwords for Meeting Maker accounts.
||The default encryption method of PcAnywhere 9.x uses weak encryption,
which allows remote attackers to sniff and decrypt PcAnywhere or NT
||CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a
user's PIN number, which allows an attacker with access to the .PDB
file to generate valid PT-1 tokens after cracking the PIN.
||The crypt function in QNX uses weak encryption, which allows local
users to decrypt passwords.
||The Citrix ICA (Independent Computing Architecture) protocol uses weak
encryption (XOR) for user authentication.
||FTP Explorer uses weak encryption for storing the username, password,
and profile of FTP sites.
||When a new SQL Server is registered in Enterprise Manager for
Microsoft SQL Server 7.0 and the "Always prompt for login name and
password" option is not set, then the Enterprise Manager uses weak
encryption to store the login ID and password.
||An installation of Red Hat uses DES password encryption with crypt()
for the initial password, instead of md5.
||CuteFTP uses weak encryption to store password information in its
||IMail POP3 daemon uses weak encryption, which allows local users to
||MacOS uses weak encryption for passwords that are stored in the Users
& Groups Data File.
||shell-lock in Cactus Software Shell Lock uses weak encryption (trivial
encoding) which allows attackers to easily decrypt and obtain the
||Netscape Navigator uses weak encryption for storing a user's Netscape
||IBM WebSphere ikeyman tool uses weak encryption to store
a password for a key database that is used for SSL connections.
||HP Secure Web Console uses weak encryption.
||The ColdFusion CFCRYPT program for encrypting CFML templates has weak
encryption, allowing attackers to decrypt the templates.
||A weak encryption algorithm is used for passwords in SCO TermVision,
allowing them to be easily decrypted by a local user.
||ControlIT v4.5 and earlier uses weak encryption to store
usernames and passwords in an address book.
||ControlIT 4.5 and earlier (aka Remotely Possible) has weak password