CVE-2004-1852

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name	Vendor	Start Version	End Version
Dameware_mini_remote_control	Solarwinds	3.0 (including)	3.74 (excluding)
Dameware_mini_remote_control	Solarwinds	4.0 (including)	4.2 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/117.html
https://cwe.mitre.org/data/definitions/383.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/65.html

References

http://marc.info/?l=bugtraq\u0026m=108016344224973\u0026w=2
http://secunia.com/advisories/11205
http://securitytracker.com/id?1009557
http://www.dameware.com/support/security/bulletin.asp?ID=SB3
http://www.osvdb.org/4547
http://www.securityfocus.com/bid/9959
https://exchange.xforce.ibmcloud.com/vulnerabilities/15586
http://marc.info/?l=bugtraq\u0026m=108016344224973\u0026w=2
http://secunia.com/advisories/11205
http://securitytracker.com/id?1009557
http://www.dameware.com/support/security/bulletin.asp?ID=SB3
http://www.osvdb.org/4547
http://www.securityfocus.com/bid/9959
https://exchange.xforce.ibmcloud.com/vulnerabilities/15586

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1852
CWE	https://cwe.mitre.org/data/definitions/319.html

Cleartext Transmission of Sensitive Information

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References