CVE-2010-3741
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
Published at
2010-10-05T18:00Z
4953 days ago
Modified
2017-09-19T01:31Z
2413 days ago
CWE-310
Problem type
References
| URL | Type |
|---|---|
| blog.crackpassword.com http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/ | MISC |
| www.infoworld.com http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436 | MISC |
| twitter.com http://twitter.com/elcomsoft/statuses/25954970586 | MISC |
| it.slashdot.org http://it.slashdot.org/story/10/10/01/166226/ | MISC |
| oval:org.mitre.oval:def:7360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360 | OVAL |
GET https://vulnerabilitydata.com/api/details/CVE-2010-3741
{
"id": "CVE-2010-3741",
"published_date": "2010-10-05T18:00Z",
"last_modified_date": "2017-09-19T01:31Z",
"assigner": "cve@mitre.org",
"description": "The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.",
"references": [
{
"url": "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/",
"name": "http://blog.crackpassword.com/2010/09/smartphone-forensics-cracking-blackberry-backup-passwords/",
"refsource": "MISC",
"tags": []
},
{
"url": "http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436",
"name": "http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436",
"refsource": "MISC",
"tags": []
},
{
"url": "http://twitter.com/elcomsoft/statuses/25954970586",
"name": "http://twitter.com/elcomsoft/statuses/25954970586",
"refsource": "MISC",
"tags": []
},
{
"url": "http://it.slashdot.org/story/10/10/01/166226/",
"name": "http://it.slashdot.org/story/10/10/01/166226/",
"refsource": "MISC",
"tags": []
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7360",
"name": "oval:org.mitre.oval:def:7360",
"refsource": "OVAL",
"tags": []
}
],
"impact": {
"baseMetricV2": {
"cvssV2": {
"version": "2.0",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"accessVector": "LOCAL",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7
},
"severity": "MEDIUM",
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
},
"problem_type": "CWE-310"
}