CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-3785

Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.2%

CVSS Severity

CVSS v2 Score 2.1

References

http://securityreason.com/securityalert/1261
http://www.digitalbullets.org/?p=3
http://www.securityfocus.com/archive/1/440448/100/0/threaded
http://securityreason.com/securityalert/1261
http://www.digitalbullets.org/?p=3
http://www.securityfocus.com/archive/1/440448/100/0/threaded

Products affected by CVE-2006-3785

Symantec » Pcanywhere » Version: 12.5

cpe:2.3:a:symantec:pcanywhere:12.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-3785

Products

Pricing

Contact Us