Professional2006

CVSS 3.7 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

high complexity

comvigo

NVD

Published: 2006-03-14

Updated: 2018-10-18

Summary

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.

Vulnerable Configurations

Part	Description	Count
Application	Comvigo Comvigo IM Lock Home_2006 Comvigo IM Lock Professional_2006	2

References

http://secunia.com/advisories/19140
http://www.securityfocus.com/archive/1/426935/100/0/threaded
http://www.securityfocus.com/bid/16988
http://www.vupen.com/english/advisories/2006/0866
https://exchange.xforce.ibmcloud.com/vulnerabilities/25219