CVE-2006-3785

Name of the Vulnerable Software and Affected Versions Symantec pcAnywhere version 12.5

Description The issue allows local users to obtain passwords from a window using certain tools, such as Nirsoft Asterwin, because the passwords are not encrypted in the associated .cif file, despite being obfuscated with asterisks in a GUI textbox.

Recommendations For Symantec pcAnywhere version 12.5, consider restricting access to the .cif file to minimize the risk of password exposure until a proper fix is available. As a temporary workaround, avoid storing sensitive passwords in the GUI textbox.