Vulnerability in Realnetworks Helix_mobile_server

CVE-2012-1923

RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (47.2th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Helix_mobile_server — versions 14.0.0, 14.0.1
Realnetworks Helix_server — versions 14.0.0, 14.0.1, 14.2
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

cve@mitre.org (x_refsource_MISC)
52929 (vdb-entry, x_refsource_BID)
1026898 (vdb-entry, x_refsource_SECTRACK)
20120409 Secunia Research: RealNetworks Helix Server Credentials Disclosure Security Issue (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
helix-server-info-disclosure(74673) (vdb-entry, x_refsource_XF)