CA Unicenter Common Services TndAddNspTmp.bat Password Disclosure

2004-09-29T07:55:05
ID OSVDB:10408
Type osvdb
Reporter OSVDB
Modified 2004-09-29T07:55:05

Description

Vulnerability Description

CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNspTmp.bat as text, which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Computer Associates has released a patch to address this vulnerability.

Short Description

CA Unicenter Common Services contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the "SA" plaintext password when a user opens the TndAddNspTmp.bat as text, which may lead to a loss of confidentiality.

References:

Vendor URL: http://www.ca.com Security Tracker: 1011468 Secunia Advisory ID:12639 Related OSVDB ID: 10407 Related OSVDB ID: 10409 Other Advisory URL: http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO58447&os=NT&returninput=0 ISS X-Force ID: 17562 CVE-2004-2436 Bugtraq ID: 11277