CVE-2001-1546

HIGH

Pathways Homecare 6.5 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1546. PoCs published by shoeboy.

AI-analyzed exploit summary The exploit decrypts weakly encrypted credentials stored in the McKesson Pathways Homecare `pwhc.ini` file. It includes a Perl script for SQL server accounts and a SQL query for Visual Basic clients, both reversing the obfuscation algorithm.

Description

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shoeboy · perllocalwindows
https://www.exploit-db.com/exploits/21173

The exploit decrypts weakly encrypted credentials stored in the McKesson Pathways Homecare `pwhc.ini` file. It includes a Perl script for SQL server accounts and a SQL query for Visual Basic clients, both reversing the obfuscation algorithm.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: McKesson Pathways Homecare
No auth needed
Prerequisites: Access to the `pwhc.ini` file or database
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7682.php
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3653
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/244367

Scores

CVSS v3 7.8
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-326
Status published
Products (1)
mckesson/pathways_homecare 6.5
Published Dec 31, 2001
Tracked Since Feb 18, 2026