Lucene search

[email protected]CVE-2002-1676

HistoryDec 31, 2002 - 5:00 a.m.

CVE-2002-1676

2002-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bindview

netinventory

vulnerability

local users

passwords

security

information security document

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON

BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.

CPENameOperatorVersion
bindview:netinventorybindview netinventoryeq1.0
bindview:netrcbindview netrceq1.0

CPE	Name	Operator	Version
bindview:netinventory	bindview netinventory	eq	1.0
bindview:netrc	bindview netrc	eq	1.0

References

online.securityfocus.com/archive/1/252293

online.securityfocus.com/archive/1/256056

www.securityfocus.com/bid/3957

exchange.xforce.ibmcloud.com/vulnerabilities/7992

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.3%

JSON