Server Alive week password encryption

2004-04-14T00:00:00
ID SECURITYVULNS:DOC:6071
Type securityvulns
Reporter Securityvulns
Modified 2004-04-14T00:00:00

Description

Product Description : Servers Alive is an end-to-end network monitor program. Among the many checks it can do: it can monitor any Winsock service, ping a host, check if an NT service/process is running, check the available disk space on a server, retrieve an URL, check your database engine, and more. When it detects a down condition it can warn you in various ways, including sending you an email (SMTP) saying what is down, or paging you with a numeric or alphanumeric warning. It's also the first monitoring program to support WAP pages viewable with wireless devices

Vulnerability Description :

Server Alive store its configuration in a plain text file. Whenever server alive is used to check a password protected URL, the password is stored using Base64 encryption.

Tested version : 4.1.15.67

Nicolas Robillard, GSEC Information Security Advisor, Systems Security Group Global Information Technologies, SNC-LAVALIN INC. Tel : (514) 393-8000 Ext. 6289 455 René-Lévesque Blvd. West, Montreal (QC), Canada H2Z 1Z3