CVE-1999-1104

Current Description

Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.

Basic Data

PublishedDecember 31, 1999
Last ModifiedOctober 18, 2016
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMicrosoftWindows 95********

Vulnerable Software List

VendorProductVersions
Microsoft Windows 95 *

References

NameSourceURLTags
19951205 Cracked: WINDOWS.PWLhttp://marc.info/?l=bugtraq&m=87602167418931&w=2BUGTRAQ
19980120 How to recover private keys for various Microsoft productshttp://marc.info/?l=bugtraq&m=88536273725787&w=2BUGTRAQ
19980121 How to recover private keys for various Microsoft productshttp://marc.info/?l=ntbugtraq&m=88540877601866&w=2NTBUGTRAQ
Q140557http://support.microsoft.com/support/kb/articles/q140/5/57.aspMSKB
win95-nbsmbpwl(71)http://www.iss.net/security_center/static/71.phpXF