BID:13199

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

Info

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

Bugtraq ID:	13199
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 15 2005 12:00AM
Updated:	Apr 15 2005 12:00AM
Credit:	Discovery of this issue is credited to Jordi Corrales <[email protected]>.
Vulnerable:	DameWare Development Mini Remote Control Server 4.9 DameWare Development Mini Remote Control Server 4.8 DameWare Development Mini Remote Control Server 4.2 .0.0 DameWare Development Mini Remote Control Server 4.1 .0.0 DameWare Development Mini Remote Control Server 4.0 DameWare Development Mini Remote Control Server 3.74 .0.0 DameWare Development Mini Remote Control Server 3.73 .0.0 DameWare Development Mini Remote Control Server 3.72 .0.0 DameWare Development Mini Remote Control Server 3.71 .0.0 DameWare Development Mini Remote Control Server 3.70 .0.0

Not Vulnerable:

Discussion

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

A problem with DameWare Mini Remote Control may allow the recovery of sensitive information.

DameWare Mini Remote Control does not safely handle authentication credential information. As a result, a local user may be able to recover authentication passwords.

Exploit / POC

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

No exploit is required.

Solution / Fix

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

References:

DameWare Mini Remote Control Server Product Page (DameWare Development)
Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability (Jordi Corrales )