CVE-2001-0620

iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server NAS LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions...

iplanet calendar server 5.0p2 exposes Netscape Admin Server master password

at the time of writing, 5.0p2 is the currently available revision on iplanet's download site. the problem: the standard install of iPlanet Calendar server stores the NAS LDAP admin username and password in plaintext in the world readable file: -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18...