Lucene search
cheyenne.InocuLAN.passwd.txt
Cheyenne InocuLAN exposes plain text passwords in log files despite claims of resolution.
Show more
`Date: Fri, 5 Mar 1999 12:19:59 -0800
From: JEK <[email protected]>
To: [email protected]
Subject: Cheyenne InocuLAN for Exchange plain text password still there
This dates back to Ron Watkins' post on 12/16/98 regarding the plain text
account name/password left in the exchverify.log file by the installation of
Cheyenne's Anti-Virus Agent for Exchange.
Quote from Ron:
"I was called on Monday by Brian Linton at Computer Associates. He says
that the plaintext admin password was put into c:\exchverify.log by earlier
versions of the Arcserve Exchange client, but that build 57 (the most recent
version) puts only the length there. It does not erase that file as new
installs are done, but rather appends, which is why some folks still had
that plaintext password even after installing the most recent build."
I am currently testing AV Agent for Exchange and installed what I was told
was the most recent version (build 64) on a clean NT 4.0/SP4/Exchange 5.5
server running InocuLAN for NT 4.0 (build 375). This was a fresh build and
*not* upgraded from earlier versions of any software. The exchverify.log
file is still there and still contains the account name and password in
clear text - NOT merely the length as stated above.
JEK, MCSE
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4