vendor:
SmartServer3
by:
Steven Alexander
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: SmartServer3
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Platforms Tested: Windows
Unknown
Design Error in SmartServer3
An authenticated user can view other users' login information and possibly gain access to passwords. The configuration file dialsrv.ini, which contains user login information including encrypted passwords, is accessible to all Windows authenticated users. The weak encryption scheme used by SmartServer3 can be easily broken using a third-party utility.
Mitigation:
Unknown