Description
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information by sniffing the network; and (2) storing passwords in the configuration file, which allows local users to obtain sensitive information by reading this file.
References (3)
Core 3
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25153
Broken Link, Vendor Advisory x_refsource_misc
http://www.portcullis.co.uk/uplds/advisories/vapassword%20-%2006-042.txt
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/46979
Scores
CVSS v3
7.5
EPSS
0.0105
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-327
Status
published
Products (1)
visionsoft/audit
12.4.0.0
Published
Aug 03, 2007
Tracked Since
Feb 18, 2026