Vulnerabilities > CVE-2003-1376 - Credentials Management vulnerability in Winzip 8.0

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

winzip

CWE-255

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

Vulnerable Configurations

Part	Description	Count
Application	Winzip Winzip Winzip 8.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://securityreason.com/securityalert/3265
http://www.securityfocus.com/archive/1/311059
http://www.securityfocus.com/bid/6805
https://exchange.xforce.ibmcloud.com/vulnerabilities/11296