PT-2006-4645 · Symantec+1 · Symantec Pcanywhere+1

Root

Published

2006-07-21

Updated

2018-10-17

CVE-2006-3785

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Symantec pcAnywhere version 12.5

Description The issue allows local users to obtain passwords from a window using certain tools, such as Nirsoft Asterwin, because the passwords are not encrypted in the associated .cif file, despite being obfuscated with asterisks in a GUI textbox.

Recommendations For Symantec pcAnywhere version 12.5, consider restricting access to the .cif file to minimize the risk of password exposure until a proper fix is available. As a temporary workaround, avoid storing sensitive passwords in the GUI textbox.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3785

Affected Products

Nirsoft Asterwin

Symantec Pcanywhere

PT-2006-4645 · Symantec+1 · Symantec Pcanywhere+1

CVE-2006-3785

Related Identifiers

Affected Products

References · 4