Novell eDirectory iManager Log File Cleartext Password Disclosure

2006-08-11T08:49:20
ID OSVDB:28370
Type osvdb
Reporter OSVDB
Modified 2006-08-11T08:49:20

Description

Vulnerability Description

Novell eDirectory contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because application writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch 8.7.3.8 FTF1 to address this vulnerability.

Short Description

Novell eDirectory contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because application writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file resulting in a loss of confidentiality.

References:

Vendor URL: http://www.novell.com/products/edirectory/ Vendor Specific Advisory URL Security Tracker: 1016695 Secunia Advisory ID:21496 Related OSVDB ID: 28369 Keyword: TID2973826 CVE-2006-4186 Bugtraq ID: 19499