Vulnerabilities > CVE-2002-0065 - Weak Password Storage vulnerability in Funk Software Proxy

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

bindview

funk-software

NVD

Published: 2002-04-22

Updated: 2008-09-10

Summary

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.

Vulnerable Configurations

Part	Description	Count
Application	Bindview Bindview Netrc 1.0 Bindview Netrc 3.06	2
Application	Funk_Software Funk Software Funk Software Proxy 3.0 Funk Software Funk Software Proxy 3.06 Funk Software Funk Software Proxy 3.09 Funk Software Funk Software Proxy 3.09A	4

References

http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
http://www.iss.net/security_center/static/8792.php
http://www.securityfocus.com/bid/4459