Product

Moernaut Lsrunase 1.0


View All Versions

Vulnerabilities

Unspecified
Credentials Management

Security Grade

438

of 1000

SECURITY GRADE

Vulnerability History

Weakness Analysis

Related Vulnerabilities

Vulnerability Severity Score Release Date Summary
CVE-2007-6340 2.1 Feb. 4, 2008

Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords.

CVE-2008-0581 7.2 Feb. 4, 2008

Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch.

Followers