CVE-2010-3741 - Cryptographic Issues vulnerability in RIM BlackBerry Desktop Software

CVSS 4.7 - MEDIUM
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE

Summary

The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.

Vulnerable Configurations

Part | Description | Count
Application | Rim | 1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Oval

accepted: 2015-08-24T04:00:07.064-04:00
class: vulnerability
contributors:
  • name: SecPod Team
    organization: SecPod Technologies
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
    comment: BlackBerry Desktop Software is installed
    oval: oval:org.mitre.oval:def:6688
description: The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
family: windows
id: oval:org.mitre.oval:def:7360
status: accepted
submitted: 2010-10-26T10:43:26
title: Vulnerability in offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software
version: 6