CVE-2001-1546

moderate-risk

Published 2001-12-31

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

21173

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (1)

Pathways Homecare

Affected Vendors

Mckesson

References (6)

Broken Link http://www.iss.net/security_center/static/7682.php

Broken Link http://www.securityfocus.com/archive/1/244367

Broken Link http://www.securityfocus.com/bid/3653

Broken Link http://www.iss.net/security_center/static/7682.php

Broken Link http://www.securityfocus.com/archive/1/244367

Broken Link http://www.securityfocus.com/bid/3653

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 7/34 · Low

Exposure 5/34 · Minimal