Netcool/NeuSecure ns_archiver.log Cleartext Password Disclosure

2006-02-16T08:32:57
ID OSVDB:23271
Type osvdb
Reporter Dimitry Snezhkov(dsnezhkov@gmail.com)
Modified 2006-02-16T08:32:57

Description

Vulnerability Description

Netcool/NeuSecure contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by viewing the application's log file (/opt/NeuSecure/bin/ns_archiver.log), which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Netcool/NeuSecure contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by viewing the application's log file (/opt/NeuSecure/bin/ns_archiver.log), which may lead to a loss of confidentiality.

References:

Vendor URL: http://www.micromuse.com/ Security Tracker: 1015642 Secunia Advisory ID:18922 Related OSVDB ID: 23270 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0364.html Mail List Post: http://attrition.org/pipermail/vim/2006-March/000604.html CVE-2006-0838 CVE-2006-0837 Bugtraq ID: 16698