CVE-2006-3785 - Vulnerability Details - OpenCVE

Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00079.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec Subscribe	Pcanywhere Subscribe

Configuration 1 [-]

cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-3779	Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/1261
http://www.digitalbullets.org/?p=3
http://www.securityfocus.com/archive/1/440448/100/0/threaded

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-21T21:00:00

Updated: 2024-08-07T18:39:54.156Z

Reserved: 2006-07-21T00:00:00

Link: CVE-2006-3785

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-24T12:19:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3785

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060718 PcAnywhere > 12 Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.digitalbullets.org/?p=3"}, {"name": "1261", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1261"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060718 PcAnywhere > 12 Local Privilege Escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"}, {"name": "http://www.digitalbullets.org/?p=3", "refsource": "MISC", "url": "http://www.digitalbullets.org/?p=3"}, {"name": "1261", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1261"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:39:54.156Z"}, "title": "CVE Program Container", "references": [{"name": "20060718 PcAnywhere > 12 Local Privilege Escalation", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.digitalbullets.org/?p=3"}, {"name": "1261", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1261"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3785", "datePublished": "2006-07-21T21:00:00", "dateReserved": "2006-07-21T00:00:00", "dateUpdated": "2024-08-07T18:39:54.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "067CAB0F-D513-4A70-B6C6-06EE290A2F6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin."}, {"lang": "es", "value": "Symantec pcAnywhere 12.5 ofusca la contrase\u00f1a en un cuadro de texto del GUI con asteriscos, pero no la encripta en el fichero .cif asociado (tambi\u00e9n conocido como caller o CallerID), lo que permite a usuarios locales obtener la contrase\u00f1a de la ventana utilizando herramientas como el Nirsoft Asterwin."}], "id": "CVE-2006-3785", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-24T12:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1261"}, {"source": "cve@mitre.org", "url": "http://www.digitalbullets.org/?p=3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.digitalbullets.org/?p=3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440448/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}