OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-disclosure] [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file

finde_schwachstellegmx.net
Date: Tue Jul 11 2006 - 05:34:13 CDT


Plain text password in backup file ( Finjan Appliance 5100/8100 NG)
The Version 8.3.5 is affected.

In the new console function backup and restore the passwords are saved as plain text.

The Finjan Appliance uses a Firebird database. The backup saves the database as text file.
Samba and FTP passwords can be found in the text file.

Example file ps.fdb.bak (user: testuser password: test1234):
-----------------------------------------------------------

.
<archive location="//test/temp" method="SAMBA" user="test/testuser" password="test1234"/><archive_fields>
.

-----------------------------------------------------------

The file ps.fdb.bak can be found in the archive backup_YYYY_MM_DD_hh_mm_ss.tar.
--

"Feel free" – 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/