4
CVE-2010-2011
- EPSS 10.74%
- Veröffentlicht 21.05.2010 20:30:01
- Zuletzt bearbeitet 16.06.2026 23:19:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.74% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
http://blogs.msdn.com/developingfordynamicsgp/archive/2008/10/02/why-does-microsoft-dynamics-gp-encrypt-passwords.aspx
http://slashdot.org/story/10/05/21/1437227
http://www.christopherkois.com/?p=448