CVE-2009-2357

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...

Design/Logic Flaw

TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...

CVE-2009-2359

Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via 1 the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or 2 the command-line client, as demonstrated by a certain trcli -r command...

CVE-2009-2358

TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file...

CVE-2009-2357

TekRADIUS 3.0 is affected: its default configuration communicates with Microsoft SQL Server using the sa account, enabling remote attackers to obtain privileged database and Windows OS access. The Seebug entry also notes that TekRADIUS stores DB credentials in C:\Program Files\TekRADIUS\TekRADIUS...

CVE-2009-2358

TekRADIUS 3.0 stores database credentials in TekRADIUS.ini. The file is readable with BUILTIN\Users:R permissions, enabling any local Windows user to read obfuscated credentials. This is a local-read confidentiality risk; no exploit details or patches are provided in the connected documents. The ...