Vulnerabilities > CVE-2006-3785 - Local Security vulnerability in Symantec Pcanywhere 12.5

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

symantec

NVD

Published: 2006-07-24

Updated: 2018-10-17

Summary

Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

Vulnerable Configurations

Part	Description	Count
Application	Symantec Symantec Pcanywhere 12.5	1

References

http://securityreason.com/securityalert/1261
http://www.digitalbullets.org/?p=3
http://www.securityfocus.com/archive/1/440448/100/0/threaded