Vulnerabilities > CVE-2004-2555 - Unspecified vulnerability in Smartstuff Foolproof Security 3.9/3.9.4/3.9.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN smartstuff
exploit available
Summary
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | SmartStuff FoolProof Security Program 3.9.x Administrative Password Recovery Vulnerability. CVE-2004-2555. Local exploit for windows platform |
| id | EDB-ID:24171 |
| last seen | 2016-02-02 |
| modified | 2004-06-05 |
| published | 2004-06-05 |
| reporter | Cyrillium Security |
| source | https://www.exploit-db.com/download/24171/ |
| title | SmartStuff FoolProof Security Program 3.9.x Administrative Password Recovery Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html
- http://secunia.com/advisories/11790
- http://secunia.com/advisories/11790
- http://www.osvdb.org/6735
- http://www.osvdb.org/6735
- http://www.securityfocus.com/bid/10467
- http://www.securityfocus.com/bid/10467
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16327
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16327