Vulnerability Details CVE-2005-4860
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
- http://marc.info/?l=bugtraq&m=111229613907550&w=2
- http://secunia.com/advisories/13985
- http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt
- http://marc.info/?l=bugtraq&m=111229613907550&w=2
- http://secunia.com/advisories/13985
- http://www.portcullis.co.uk/uplds/advisories/Portcullis%20Security%20Advisory%2005-002%20Spectrum%20Cash%20Receipting%20System%20Weak%20Password%20Protection%20Vulnerability.txt
Products affected by CVE-2005-4860
-
cpe:2.3:a:spectrumcu:cash_receipting_system:-
-
cpe:2.3:a:spectrumcu:cash_receipting_system:6.406.08