Novell NetWare abend.log User Credentials Disclosure

2006-05-08T00:00:00
ID OSVDB:25780
Type osvdb
Reporter OSVDB
Modified 2006-05-08T00:00:00

Description

Vulnerability Description

Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when PORTAL.NLM function groupOperationsMethod() fails, which will write the username and password in cleartext to the abend.log file, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch httpstk5.exe to address this vulnerability.

Short Description

Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when PORTAL.NLM function groupOperationsMethod() fails, which will write the username and password in cleartext to the abend.log file, resulting in a loss of confidentiality.

References:

Vendor Specific News/Changelog Entry: http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm Security Tracker: 1016106 Secunia Advisory ID:SA20288 Keyword: TID2973698 ISS X-Force ID: 26488 FrSIRT Advisory: ADV-2006-1829 CVE-2006-2185 Bugtraq ID: 18017