Vulnerability Details : CVE-2014-0361
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file.
Exploit prediction scoring system (EPSS) score for CVE-2014-0361
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0361
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.0
|
LOW | AV:L/AC:M/Au:S/C:P/I:P/A:N |
2.7
|
4.9
|
NIST |
CWE ids for CVE-2014-0361
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0361
-
http://www.kb.cert.org/vuls/id/622950
VU#622950 - Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversedUS Government Resource
-
http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054
IBM notice: The page you requested cannot be displayedVendor Advisory
Products affected by CVE-2014-0361
- cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:toshibacommerce:4690_point_of_sale_operating_system:6.2:*:*:*:*:*:*:*