PT-2002-2667 · Videsh Sanchar Nigam Limited · Vsnl Integrated Dialer
Published
2002-12-31
·
Updated
2024-02-14
·
CVE-2002-1946
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software version 1.2.000
Description
The issue concerns the storage of passwords using a weak encryption scheme, specifically a one-to-one mapping, in a registry key when the "Save Password" option is used. This allows local users to obtain and decrypt the password.
Recommendations
For Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software version 1.2.000, consider disabling the "Save Password" option to prevent passwords from being stored with weak encryption until a proper fix is available.
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vsnl Integrated Dialer