Showing 1 - 1 of 1

CVE-2007-5460

Status Candidate

Overview

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

Related Files

SYMSA-2007-010.txt: Posted Oct 15, 2007; Authored by Ollie Whitehouse | Site symantec.com; Symantec Vulnerability Research SYMSA-2007-010 - A vulnerability has been discovered in the mechanism that Microsoft ActiveSync 4.x uses to obfuscate the password when it's sent over the USB network interface between the device and the host machine. This enables malicious software on the host to either impersonate a device in order to obtain the current password or, if in a position to sniff network traffic, obtain the password for trivial decoding.; tags | advisory; advisories | CVE-2007-5460; SHA-256 | 931bc3ac990fc2a8b1b2680ebd4ae1b48d6b60679fcb0bacfc1609c0b629d79b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2007-5460

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems