CVE-2006-3785
First published: Mon Jul 24 2006(Updated: )
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec pcAnywhere | =12.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3785?
CVE-2006-3785 is considered a moderate severity vulnerability as it allows local users to retrieve obfuscated passwords from the application.
How do I fix CVE-2006-3785?
To mitigate CVE-2006-3785, it is recommended to upgrade to a later version of Symantec pcAnywhere that addresses this vulnerability.
Who is affected by CVE-2006-3785?
CVE-2006-3785 affects users of Symantec pcAnywhere version 12.5.
What type of vulnerability is CVE-2006-3785?
CVE-2006-3785 is a local information disclosure vulnerability.
Can tools retrieve passwords due to CVE-2006-3785?
Yes, local users can use tools such as Nirsoft Asterwin to extract the passwords from the cif file associated with Symantec pcAnywhere.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- vendor/symantec
- product/pcanywhere
- canonical/symantec pcanywhere
- collector/nvd-index
- version/symantec pcanywhere/12.5