Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4936
HistoryAug 01, 2003 - 12:00 a.m.

Novell GroupWise Internet Agent 6.5.1

2003-08-0100:00:00
vulners.com
16
JSON

Novacoast Security Advisory
Novell GroupWise 6.5 Vulnerability

Synopsis:
Novacoast has discovered a vulnerability in the Novell GroupWise 6.5 Wireless Webaccess
logging functionality. The software exposes all username and passwords within the log file in
clear text. This information could be used to impersonate other users and allow unauthorized
access to mail or network resources.

Description:
A key component of the Novell Nterprise* family of one Net solutions, Novell® GroupWise® 6.5
is a cross-platform collaboration product that enables you to work smarter alone and with
others over any type of network*wired to wireless, including the Internet. In addition to
integrated e-mail and scheduling services, GroupWise offers task-, contact- and
document-management services that increase productivity. GroupWise also delivers secure
instant messaging, tools that help you manage daily activities more efficiently and extensive
mobile-access capabilities. In a nutshell, this innovative, open standards-based approach to
collaboration services provides security, control and mobility while increasing user
productivity and reducing the cost of managing and maintaining your organization's essential
communication and collaboration services.

Affected Version:
Novell GroupWise 6.5 Webaccess
Novell GroupWise Wireless Web Access
Novell Linux/Mac Beta Client
NetWare 5/6
Apache 1.3.x

Exploit:
None required
Open sys:\apache\logs\access_log
Passwords are listed as part of the url. the are preceded with username=&password=

Recommended Solution:
Upgrade to Novell GroupWise 6.5 sp1

Status:
This bug has been submitted to, acknowledged by, and a fix has been created and included with
the latest service pack for Novell GroupWise 6.5. It can be downloaded from:
http://support.novell.com

Additional information can be found at the following location:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10085583.htm

Disclaimer:
Novacoast accepts no liability or responsibility for the
content of this report, or for the consequences of any
actions taken on the basis of the information provided
within. Dissemination of this information is granted
provided it is presented in its entirety. Modifications
may not be made without the explicit permission of
Novacoast.

Adam Gray
CTO
Novacoast, Inc.
[email protected]
http://www.novacoast.com

JSON