Hancom Office 2007 Reboot.ini Clear-Text Passwords Vulnerability

ID SSV:73135
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                source: http://www.securityfocus.com/bid/228/info

During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the \Program Files\Microsoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include: SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The File ACLs for this file are set to Everyone:Full Control. 

Clear-text usernames and passwords are stored in the \Program Files\Microsoft BackOffice\Reboot.ini file.