Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900302
Kategorie:Windows
Titel:MS Windows taskmgr.exe Information Disclosure Vulnerability
Zusammenfassung:This host is running Windows Operating System and is prone to; information disclosure vulnerability.
Beschreibung:Summary:
This host is running Windows Operating System and is prone to
information disclosure vulnerability.

Vulnerability Insight:
The I/O activity measurement of all processes allow to obtain sensitive
information by reading the I/O other bytes column in taskmgr.exe to
estimate the number of characters that a different user entered at a
password prompt through 'runas.exe'.

Vulnerability Impact:
Successful exploitation will let the attacker retrieve password related
information and can cause brute force or benchmarking attacks.

Affected Software/OS:
- Microsoft Windows XP SP3 and prior

- Microsoft Windows Server 2003 SP2 and prior

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
4.0

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:N/A:N

Querverweis: BugTraq ID: 33440
Common Vulnerability Exposure (CVE) ID: CVE-2009-0320
http://www.securityfocus.com/bid/33440
Bugtraq: 20090124 Benchmarking attacks and major security weakness on all recent Windows versions up to Windows 200 (Google Search)
http://www.securityfocus.com/archive/1/500393/100/0/threaded
CopyrightCopyright (C) 2009 SecPod

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.