Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
BID:24405
Info
Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
| Bugtraq ID: | 24405 |
| Class: | Design Error |
| CVE: |
CVE-2007-3200 |
| Remote: | No |
| Local: | Yes |
| Published: | Jun 07 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Novell Modular Authentication Service (NMAS) 3.1.2 |
| Not Vulnerable: |
Novell Modular Authentication Service (NMAS) 3.1.3 |
Discussion
Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
Novell NetWare Modular Authentication Service (NMAS) is prone to a local information-disclosure vulnerability because 'NMASINST' dumps the admin account and password into a log file in clear text.
The flaw presents itself in NMAS 3.1.2; prior versions are also affected.
Novell NetWare Modular Authentication Service (NMAS) is prone to a local information-disclosure vulnerability because 'NMASINST' dumps the admin account and password into a log file in clear text.
The flaw presents itself in NMAS 3.1.2; prior versions are also affected.
Exploit / POC
Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
Solution:
Novell has released an advisory and a fix to address this issue. Please see the referenced advisory for more information.
Solution:
Novell has released an advisory and a fix to address this issue. Please see the referenced advisory for more information.
References
Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
References:
References: