• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability

Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.