CVE-2004-1852
published 2004-03-23CVE-2004-1852: DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain…
PriorityP418medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
0.84%
53.2th percentile
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solarwinds | dameware_mini_remote_control | >= 3.0 < 3.74 | 3.74 |
| solarwinds | dameware_mini_remote_control | >= 4.0 < 4.2 | 4.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Missing Encryption of Sensitive Data
mitre_cwe
CWE-311 Missing Encryption of Sensitive Data
CWE-311: Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data. If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhe
CWE
Cleartext Transmission of Sensitive Information
mitre_cwe
CWE-319 Cleartext Transmission of Sensitive Information
CWE-319: Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Architecture and Design
Note: For hardware, this may be introduced when design does not plan for an attacker having physical access while a legitimate user is remotely operating the device.
Phase: Operation
Phase: System Configuration
Common Consequences:
Scope: Integrity, Confidentiality. Impact: Read Application Data, Modify Files or Directories. Anyone can read the information by gaining access to the channel being used
http://marc.info/?l=bugtraq&m=108016344224973&w=2http://secunia.com/advisories/11205http://securitytracker.com/id?1009557http://www.dameware.com/support/security/bulletin.asp?ID=SB3http://www.osvdb.org/4547http://www.securityfocus.com/bid/9959https://exchange.xforce.ibmcloud.com/vulnerabilities/15586http://marc.info/?l=bugtraq&m=108016344224973&w=2http://secunia.com/advisories/11205http://securitytracker.com/id?1009557http://www.dameware.com/support/security/bulletin.asp?ID=SB3http://www.osvdb.org/4547http://www.securityfocus.com/bid/9959https://exchange.xforce.ibmcloud.com/vulnerabilities/15586
2004-03-23
Published