Phase: eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
References: BUGTRAQ:Wednesday, June 07, 2000 SessionWall-3 Paper + (links to) code | URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.Friday, July 21, 000624320.28062-100000@bearclaw.bogus.net | BID:1341 | URL:http://www.securityfocus.com/bid/1341
Votes: Proposed (Wednesday, July 12, 2000)
Comments: ACCEPT(2) Ozancin, Levy | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall
F7: Frech> XF:etrust-weak-password-encryption(5051)