PT-2004-3446 · Riverdeep · Riverdeep Foolproof Security

Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-2555

CVSS v2.0 2.1 Low

Vector AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Riverdeep FoolProof Security versions 3.9.x

Description

The issue concerns the use of weak cryptography, specifically arithmetic and XOR operations, to relate the Control password to the Administrator password. This weakness allows local users to calculate the Administrator password if they know the Control password and the password recovery key.

Recommendations

For Riverdeep FoolProof Security version 3.9.x, consider changing the Control password and the Administrator password to strong, unique passwords, and keep the password recovery key secure to minimize the risk of exploitation. As a temporary workaround, restrict access to the password recovery mechanism until a more secure method is implemented.

Related Identifiers

CVE-2004-2555

Affected Products

Riverdeep Foolproof Security