CVE-2014-0361

The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file.

CVSS v2.0 3.0 LOW

3.0^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 2.7 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054	Vendor Advisory
http://www.kb.cert.org/vuls/id/622950	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.2:::::::*
	cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.3:::::::*
	cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.4:::::::*

History

No history.

Information

Published : 2014-04-21 22:55

Updated : 2014-05-05 05:31

NVD link : CVE-2014-0361

Mitre link : CVE-2014-0361

CVE.ORG link : CVE-2014-0361

JSON object : View

Products Affected

toshibacommerce

4690_point_of_sale_operating_system

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-0361", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 2.7, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-21T22:55:08.240", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/622950", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de 4690 OS de IBM, tal como es usado en Toshiba Global Commerce Solutions 4690 POS y otros productos, contiene contrase\u00f1as con el algoritmo ADXCRYPT, que facilita a los atacantes dependiendo del contexto obtener informaci\u00f3n confidencial mediante un criptoan\u00e1lisis no especificado de un archivo ADXCSOUF.DAT ."}], "lastModified": "2014-05-05T05:31:48.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C641DCB5-998B-4344-AE61-F355BF673F3F"}, {"criteria": "cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84BC4F48-50FF-4198-9096-8A0BF6A88580"}, {"criteria": "cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE086740-3B79-4382-AC23-B04E7F21D422"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}