Vulnerabilities > CVE-2004-2555 - Unspecified vulnerability in Smartstuff Foolproof Security 3.9/3.9.4/3.9.7

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
smartstuff
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.

Vulnerable Configurations

Part Description Count
Application
Smartstuff
3

Exploit-Db

descriptionSmartStuff FoolProof Security Program 3.9.x Administrative Password Recovery Vulnerability. CVE-2004-2555. Local exploit for windows platform
idEDB-ID:24171
last seen2016-02-02
modified2004-06-05
published2004-06-05
reporterCyrillium Security
sourcehttps://www.exploit-db.com/download/24171/
titleSmartStuff FoolProof Security Program 3.9.x Administrative Password Recovery Vulnerability

References