Kolab Server slapd.conf Root Password Disclosure

2004-04-20T08:44:27
ID OSVDB:5898
Type osvdb
Reporter Luca Villani(luca.villani@wseurope.com)
Modified 2004-04-20T08:44:27

Description

Vulnerability Description

Kolab Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to root passwords, which are stored in plaintext in the slapd.conf file.

Solution Description

Upgrade to version 1.0-1.0.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Kolab Server contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to root passwords, which are stored in plaintext in the slapd.conf file.

References:

Vendor URL: http://www.kolab.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11560 Other Advisory URL: http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html Other Advisory URL: http://www.openpkg.org/security/OpenPKG-SA-2004.019-kolab.html ISS X-Force ID: 16068