Spectrum · Spectrum Cash Receipting System · CVE-2005-4860
Name of the Vulnerable Software and Affected Versions:
Spectrum Cash Receipting System versions prior to 6.504
Description:
The issue concerns the use of weak cryptography, specifically static substitution, in the PASSFILE password file. This weakness makes it easier for local users to gain privileges by decrypting a password.
Recommendations:
For versions prior to 6.504, update to version 6.504 or later to resolve the issue. As a temporary workaround, consider restricting access to the PASSFILE password file to minimize the risk of exploitation.