Demarc Puresecure Cleartext Authentication Credential Disclosure

2003-05-21T00:00:00
ID OSVDB:7690
Type osvdb
Reporter Ryan Purita(ryan@totally-connected.com)
Modified 2003-05-21T00:00:00

Description

Vulnerability Description

Demarc PureSecure contains a flaw that may allow a malicious user to manipulate arbitrary data. The problem is that the application stores the authentication information for the logging server in plaintext. It is possible that the flaw may allow a malicious user to gain access to the logging server and manipulate arbitrary events in the database resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Demarc PureSecure contains a flaw that may allow a malicious user to manipulate arbitrary data. The problem is that the application stores the authentication information for the logging server in plaintext. It is possible that the flaw may allow a malicious user to gain access to the logging server and manipulate arbitrary events in the database resulting in a loss of integrity.

References:

Vendor URL: http://www.demarc.com/ Security Tracker: 1006826 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html ISS X-Force ID: 12047 CVE-2003-0340 Bugtraq ID: 7650