Lucene search

[email protected]CVE-2002-1676

HistoryJun 21, 2005 - 4:00 a.m.

CVE-2002-1676

2005-06-2104:00:00

[email protected]

web.nvd.nist.gov

bindview

netinventory

vulnerability

local users

passwords

security

information security document

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.

Affected configurations

NVD

Node

bindviewnetinventoryMatch1.0

bindviewnetrcMatch1.0

CPENameOperatorVersion
bindview:netinventorybindview netinventoryeq1.0
bindview:netrcbindview netrceq1.0

CPE	Name	Operator	Version
bindview:netinventory	bindview netinventory	eq	1.0
bindview:netrc	bindview netrc	eq	1.0

References

online.securityfocus.com/archive/1/252293

online.securityfocus.com/archive/1/256056

www.securityfocus.com/bid/3957

exchange.xforce.ibmcloud.com/vulnerabilities/7992

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2002-1676

cvelist1 nvd1