OSVDB ID: 2917 Title: Microsoft Access Known Database Attack |
Info |
|
|
Dates |
||||
|
|
Description |
Microsoft Access has a flaw in the encryption used to protect databases. The RC4 based encryption uses the same key for both encryption and decryption with no password/phrase. By creating a database equal in size as the target database, an attacker can use the XOR'd key stream from the newly created database to decrypt the target database. |
Classification |
Unknown or Incomplete |
Solution |
Upgrade to version 3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
References |
|
Credit |
Unknown or Incomplete |