Weak Encryption of User Password in Starfish Truesync Desktop 2.0b on REX 5000 PDA Allows Privilege Escalation

Weak Encryption of User Password in Starfish Truesync Desktop 2.0b on REX 5000 PDA Allows Privilege Escalation

CVE-2001-1005 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.

Learn more about our Cis Benchmark Audit For Desktop Software.