header-logo
Suggest Exploit
vendor:
SmartServer3
by:
Steven Alexander
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: SmartServer3
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Design Error in SmartServer3

An authenticated user can view other users' login information and possibly gain access to passwords. The configuration file dialsrv.ini, which contains user login information including encrypted passwords, is accessible to all Windows authenticated users. The weak encryption scheme used by SmartServer3 can be easily broken using a third-party utility.

Mitigation:

Unknown
Source

Exploit-DB raw data: