Lucene search

[email protected]CVE-2006-4642

HistorySep 08, 2006 - 9:04 p.m.

CVE-2006-4642

2006-09-0821:04:00

[email protected]

web.nvd.nist.gov

auditwizard

remote audit

plaintext password

laytoncmdsvc.log

sensitive information

local users

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

AuditWizard 6.3.2, when using “Remote Audit,” logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.

Affected configurations

NVD

Node

auditwizardauditwizardMatch6.3.2

CPENameOperatorVersion
auditwizard:auditwizardauditwizardeq6.3.2

CPE	Name	Operator	Version
auditwizard:auditwizard	auditwizard	eq	6.3.2

References

secunia.com/advisories/21773

securityreason.com/securityalert/1525

securitytracker.com/id?1016795

www.securityfocus.com/archive/1/445220/100/0/threaded

www.securityfocus.com/bid/19860

www.vupen.com/english/advisories/2006/3498

exchange.xforce.ibmcloud.com/vulnerabilities/28743

1.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-4642

cvelist1 nvd1