Vulnerabilities > CVE-2008-4540 - Credentials Management vulnerability in Microsoft Windows Mobile 6.0

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

htc

microsoft

CWE-255

NVD

Published: 2008-10-13

Updated: 2018-10-11

Summary

Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.

Vulnerable Configurations

Part	Description	Count
Hardware	Htc HTC Hermes *	1
OS	Microsoft Microsoft Windows Mobile 6.0	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://securityreason.com/securityalert/4402
http://www.securityfocus.com/archive/1/497151/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/45857