Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

cheyenne.InocuLAN.passwd.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

Cheyenne InocuLAN exposes plain text passwords in log files despite claims of resolution.

Code
`Date: Fri, 5 Mar 1999 12:19:59 -0800  
From: JEK <[email protected]>  
To: [email protected]  
Subject: Cheyenne InocuLAN for Exchange plain text password still there  
  
  
This dates back to Ron Watkins' post on 12/16/98 regarding the plain text  
account name/password left in the exchverify.log file by the installation of  
Cheyenne's Anti-Virus Agent for Exchange.  
  
Quote from Ron:  
"I was called on Monday by Brian Linton at Computer Associates. He says  
that the plaintext admin password was put into c:\exchverify.log by earlier  
versions of the Arcserve Exchange client, but that build 57 (the most recent  
version) puts only the length there. It does not erase that file as new  
installs are done, but rather appends, which is why some folks still had  
that plaintext password even after installing the most recent build."  
  
I am currently testing AV Agent for Exchange and installed what I was told  
was the most recent version (build 64) on a clean NT 4.0/SP4/Exchange 5.5  
server running InocuLAN for NT 4.0 (build 375). This was a fresh build and  
*not* upgraded from earlier versions of any software. The exchverify.log  
file is still there and still contains the account name and password in  
clear text - NOT merely the length as stated above.  
  
JEK, MCSE  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
cheyenne inoculanplain text passwordexchverify.log filesecurity vulnerabilityexchange clientsoftware build.
35