LinBit Technologies LinBox Plain Text Password Storage Weakness
BID:10011
Info
LinBit Technologies LinBox Plain Text Password Storage Weakness
| Bugtraq ID: | 10011 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Mar 30 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Martin Eiszner <[email protected]>. |
| Vulnerable: |
LinBit Technologies LINBOX Officeserver |
| Not Vulnerable: | |
Discussion
LinBit Technologies LinBox Plain Text Password Storage Weakness
Reportedly LINBOX Officeserver is prone to a plain text password storage weakness. This issue is due to a design error that may allow a user to view plain text passwords on the affected system.
This issue could be used in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. This poses an additional risk since users may recycle credentials across multiple services.
Reportedly LINBOX Officeserver is prone to a plain text password storage weakness. This issue is due to a design error that may allow a user to view plain text passwords on the affected system.
This issue could be used in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. This poses an additional risk since users may recycle credentials across multiple services.
Exploit / POC
LinBit Technologies LinBox Plain Text Password Storage Weakness
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
LinBit Technologies LinBox Plain Text Password Storage Weakness
Solution:
The vendor has released a patch to deal with this issue.
LinBit Technologies LINBOX Officeserver
Solution:
The vendor has released a patch to deal with this issue.
LinBit Technologies LINBOX Officeserver
-
LinBit Technologies linbox-sa1.patch
http://linbox.linbit.at/patches/linbox-sa1.patch
References
LinBit Technologies LinBox Plain Text Password Storage Weakness
References:
References:
- LINBOX Home Page (LinBit Technologies)
- Linbit linbox Multiple Vulnerabilities (Martin Eiszner
)