|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Novell Groupwise May Expose Usernames and Passwords
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Aug 04 2003 - 08:20:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Novell Groupwise May Expose Usernames and Passwords
READ ONLINE:
http://www.secunia.com/advisories/9426/
CRITICAL:
Not critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
SOFTWARE:
Novell Groupwise 5.x
Novell Groupwise 6
DESCRIPTION:
A vulnerability has been identified in Novell Groupwise possibly
allowing local users to see usernames and passwords.
The problem is that certain clients use HTTP GET requests when
logging on to the system, this causes the user credentials to be
written to the web server log files. This allows users with local
access to the server to see Groupwise usernames and passwords.
SOLUTION:
Novell has written a guide about how to change the configuration.
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10085583.htm
REPORTED BY / CREDITS:
Adam Gray
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]