CVE-2006-1198

Name of the Vulnerable Software and Affected Versions Comvigo IM Lock version 2006

Description The issue concerns the use of a simple substitution cipher for password encryption in the product, which can be decrypted by local users. This allows users to bypass the blocking functionality of the product. The password is stored in the msnvsprc registry value, to which all users have Read permission.

Recommendations For Comvigo IM Lock version 2006, consider restricting access to the msnvsprc registry value to prevent local users from decrypting the password and bypassing the product's blocking functionality. As a temporary workaround, restrict the use of the product's blocking functionality until a more secure encryption method is implemented.