SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
BID:12490
Info
SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
| Bugtraq ID: | 12490 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 08 2005 12:00AM |
| Updated: | Feb 08 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Roy Hills <[email protected]>. |
| Vulnerable: |
Safenet-Inc SoftRemoteLT Safenet-Inc SoftRemote |
| Not Vulnerable: | |
Discussion
SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
SoftRemote and SoftRemoteLT VPN client utilities are reported prone to a local pre-shared key (password) disclosure vulnerability. It is reported that the VPN password is stored in the memory image of the process in plain-text format.
Credentials that are harvested through the exploitation of this vulnerability may then be used to aid in further attacks.
SoftRemote and SoftRemoteLT VPN client utilities are reported prone to a local pre-shared key (password) disclosure vulnerability. It is reported that the VPN password is stored in the memory image of the process in plain-text format.
Credentials that are harvested through the exploitation of this vulnerability may then be used to aid in further attacks.
Exploit / POC
SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
Solution:
It is reported that the vendor has released an update to address this vulnerability, although this is not confirmed. Customers are advised to contact the vendor for further details regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that the vendor has released an update to address this vulnerability, although this is not confirmed. Customers are advised to contact the vendor for further details regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SafeNet SoftRemote VPN Client Local Password Disclosure Vulnerability
References:
References: