|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file
finde_schwachstelle
gmx.net
Date: Tue Jul 11 2006 - 05:34:13 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Plain text password in backup file ( Finjan Appliance 5100/8100 NG)
The Version 8.3.5 is affected.
In the new console function backup and restore the passwords are saved as plain text.
The Finjan Appliance uses a Firebird database. The backup saves the database as text file.
Samba and FTP passwords can be found in the text file.
Example file ps.fdb.bak (user: testuser password: test1234):
-----------------------------------------------------------
.
<archive location="//test/temp" method="SAMBA" user="test/testuser" password="test1234"/><archive_fields>
.
-----------------------------------------------------------
The file ps.fdb.bak can be found in the archive backup_YYYY_MM_DD_hh_mm_ss.tar.
--
"Feel free" – 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]