Microsoft Money Plaintext Password Vulnerability

Under certain circumstances, the password used to protect Microsoft Money from unauthorized access is stored as plaintext. A user who has physical access to the system where the Money file resides is able to obtain the password and use it to view and modify the Money file which includes account information.

This vulnerability could only be exploited remotely if the Money file exists on a share that has been made available to external users.


 

Privacy Statement
Copyright 2010, SecurityFocus