| CNNVD-ID编号 | CNNVD-200607-505 |
| CVE编号 | CVE-2006-3675 |
| 发布时间 | 2006-07-28 |
| 更新时间 | 2006-08-01 |
| 漏洞类型 | 设计错误 |
| 漏洞来源 | J.R. Wikes discovered this vulnerability. |
| 危险等级 | 低危 |
| 威胁类型 | 本地 |
| 厂 商 | counterpane |
Password Safe 2.11, 2.16和3.0BETA1在某些对话框窗口打开时,未遵守用于锁定密码数据库的配置设定, 可能会使具有物理访问权的攻击者获得数据库内容。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Counterpane Password Safe 2.11
Counterpane Password Safe 3.01
https://sourceforge.net/project/showfiles.php?group_id=41019&package_id=33169&release_id=422760
Counterpane Password Safe 3.0 BETA1
Counterpane Password Safe 3.01
https://sourceforge.net/project/showfiles.php?group_id=41019&package_i
d=33169&release_id=422760
Counterpane Password Safe 2.16
Counterpane Password Safe 3.01
https://sourceforge.net/project/showfiles.php?group_id=41019&package_i
d=33169&release_id=422760
来源: XF
名称: passwordsafe-lock-weak-security(27933)
来源: MISC
链接:http://www.symantec.com/enterprise/research/SYMSA-2006-008.txt
来源: BID
名称: 19078
来源: BUGTRAQ
名称: 20060721 SYMSA-2006-008:Password Safe - Lock Password Database Configuration Not Enforced
链接:http://www.securityfocus.com/archive/1/archive/1/441040/100/0/threaded
来源: SECTRACK
名称: 1016565