CVE: CVE-2004-1852

Export to Word

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00259
Percentile: 0.49145

CVSS Scoring

CVSS v2 Score: 5.0

Severity:

Mapped CWE(s)

CWE-319 : Cleartext Transmission of Sensitive Information

All CAPEC(s)

CAPEC-102: Session Sidejacking
CAPEC-117: Interception
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1056.004 : Credential API Hooking
Kill Chain: collection
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor
2015 Ukraine Electric Power Attack

Affected Products

cpe:2.3:a:solarwinds:dameware_mini_remote_control:*:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:dameware_mini_remote_control:*:*:*:*:*:*:*:*

← Back to Home