CVE-1999-0476 in OpenServerinfo

Summary

by MITRE

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/19/2026

The vulnerability identified as CVE-1999-0476 represents a critical cryptographic weakness in SCO TermVision software that was widely deployed in enterprise environments during the late 1990s. This issue stems from the implementation of weak encryption algorithms for password storage, specifically affecting the authentication mechanisms within the SCO TermVision terminal emulation software. The vulnerability allows local users to easily decrypt stored passwords, effectively undermining the security controls that should protect sensitive authentication credentials. This weakness is particularly concerning given that SCO TermVision was commonly used for remote access and terminal sessions in business environments, making it a prime target for attackers seeking unauthorized access to systems.

The technical flaw manifests through the use of insufficiently strong cryptographic methods for password encryption within the SCO TermVision application. The implementation likely employs either a simple substitution cipher, weak hash functions, or other easily reversible encryption techniques that were prevalent in early software implementations. This vulnerability directly maps to CWE-327, which addresses the use of weak cryptographic algorithms, and specifically aligns with CWE-310, focusing on cryptographic issues related to key management and algorithm strength. The weakness exists at the application level where user credentials are processed and stored, creating an attack surface that can be exploited by any user with local access to the system running SCO TermVision.

The operational impact of this vulnerability extends beyond simple credential theft, as it provides attackers with persistent access to systems that may otherwise require additional authentication methods. Local users who can access the SCO TermVision application can leverage this weakness to obtain clear-text passwords for other systems or applications that may share similar authentication mechanisms. This creates a potential lateral movement vector within networks where SCO TermVision is deployed, enabling attackers to escalate privileges and expand their access within the compromised environment. The vulnerability also violates fundamental security principles outlined in the NIST SP 800-63 standard for authentication and access control, which mandates the use of strong cryptographic methods for protecting sensitive information.

Organizations affected by CVE-1999-0476 should implement immediate mitigations including the complete removal of SCO TermVision from systems or the implementation of strict access controls to limit local user privileges. The vulnerability should be addressed through patching efforts if vendor support is available, or by migrating to more secure terminal emulation solutions that implement proper cryptographic standards. Security monitoring should focus on detecting unauthorized access attempts and credential exposure events within environments where this software remains operational. The ATT&CK framework categorizes this vulnerability under T1552, which covers credentials theft techniques, and T1078, which addresses valid accounts and legitimate credentials. Organizations should also consider implementing additional security controls such as mandatory access controls, privilege separation, and network segmentation to limit the potential impact of local credential compromise. Given the age of this vulnerability and the prevalence of more sophisticated attack methods, it is crucial to conduct comprehensive security assessments to identify all instances of this software within the organization and ensure complete remediation through either patching, replacement, or isolation of affected systems.

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!