PT-2006-2214 · Comvigo · Comvigo Im Lock

Published

2006-03-14

Updated

2018-10-18

CVE-2006-1198

CVSS v2.0

3.7

Low

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Comvigo IM Lock version 2006

Description The issue concerns the use of a simple substitution cipher for password encryption in the product, which can be decrypted by local users. This allows users to bypass the blocking functionality of the product. The password is stored in the msnvsprc registry value, to which all users have Read permission.

Recommendations For Comvigo IM Lock version 2006, consider restricting access to the msnvsprc registry value to prevent local users from decrypting the password and bypassing the product's blocking functionality. As a temporary workaround, restrict the use of the product's blocking functionality until a more secure encryption method is implemented.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1198

Affected Products

Comvigo Im Lock

PT-2006-2214 · Comvigo · Comvigo Im Lock

CVE-2006-1198

Related Identifiers

Affected Products

References · 6