Description
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440448/100/0/threaded
Various Sources x_refsource_misc
http://www.digitalbullets.org/?p=3
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1261
Scores
EPSS
0.0008
EPSS Percentile
23.2%
Details
Status
published
Products (1)
symantec/pcanywhere
12.5
Published
Jul 24, 2006
Tracked Since
Feb 18, 2026