Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
BID:13559
Info
Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
| Bugtraq ID: | 13559 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 09 2005 12:00AM |
| Updated: | May 09 2005 12:00AM |
| Credit: | "Morning Wood" <[email protected]> disclosed this vulnerability.. |
| Vulnerable: |
Positive Software H-Sphere Winbox 2.4.3 Positive Software H-Sphere Winbox 2.4.2 |
| Not Vulnerable: | |
Discussion
Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
It is reported that Positive Software H-Sphere Winbox stores user account information in a plaintext format inside of application log files.
As a result, user credentials could be exposed to other local users who have permissions to access the log files.
It is reported that Positive Software H-Sphere Winbox stores user account information in a plaintext format inside of application log files.
As a result, user credentials could be exposed to other local users who have permissions to access the log files.
Exploit / POC
Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
An exploit is not required. Simply employ a text viewing application to open the following files:
C:\HSphere.NET\log\action.log
C:\HSphere.NET\log\resources.log
An exploit is not required. Simply employ a text viewing application to open the following files:
C:\HSphere.NET\log\action.log
C:\HSphere.NET\log\resources.log
Solution / Fix
Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
Solution:
The vendor has released an update to address this issue:
Positive Software H-Sphere Winbox 2.4.2
Positive Software H-Sphere Winbox 2.4.3
Solution:
The vendor has released an update to address this issue:
Positive Software H-Sphere Winbox 2.4.2
-
H-Sphere Security Update 1 For H-Sphere 2.4.2 Patch 4 and 2.4.3 RC 1
http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
Positive Software H-Sphere Winbox 2.4.3
-
H-Sphere Security Update 1 For H-Sphere 2.4.2 Patch 4 and 2.4.3 RC 1
http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
References
Positive Software H-Sphere Winbox Sensitive Logfile Content Disclosure Vulnerability
References:
References:
- - EXPL-A-2005-007 exploitlabs.com Advisory 036 - ("Morning Wood"
) - H-Sphere Homepage (Positive Software)