Novell Client Login Field Clipboard Content Disclosure

2006-05-21T10:48:56
ID OSVDB:25760
Type osvdb
Reporter Eitan Caspi(EitanCaspi@yahoo.com)
Modified 2006-05-21T10:48:56

Description

Vulnerability Description

Novell Client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the Novell client Login dialog box failure to restrict access to the contents of the clipboard when the system is "locked". It can be possible to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by performing a copy from the "User Name" field information.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: manualy clear clipboard before locking and after unlocking system.

Short Description

Novell Client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the Novell client Login dialog box failure to restrict access to the contents of the clipboard when the system is "locked". It can be possible to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by performing a copy from the "User Name" field information.

References:

Secunia Advisory ID:20194 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0436.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0421.html ISS X-Force ID: 26595 CVE-2006-2612