Netcool/NeuSecure neusecure.conf Permission Weakness Cleartext Password Disclosure

2006-02-16T08:32:57
ID OSVDB:23270
Type osvdb
Reporter Dimitry Snezhkov(dsnezhkov@gmail.com)
Modified 2006-02-16T08:32:57

Description

Vulnerability Description

Netcool/NeuSecure contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by reading the /etc/neusecure.conf configuration file, which may lead to a loss of confidentiality. The files are readable by any user on the system by default.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Netcool/NeuSecure contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by reading the /etc/neusecure.conf configuration file, which may lead to a loss of confidentiality. The files are readable by any user on the system by default.

References:

Vendor URL: http://www.micromuse.com/ Security Tracker: 1015642 Secunia Advisory ID:18922 Related OSVDB ID: 23914 Related OSVDB ID: 23271 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0364.html Mail List Post: http://attrition.org/pipermail/vim/2006-March/000604.html CVE-2006-0838 CVE-2006-0837 Bugtraq ID: 16698