|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA16666] Savant Web Server Exposure of User Credentials
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Fri Sep 02 2005 - 03:51:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Savant Web Server Exposure of User Credentials
SECUNIA ADVISORY ID:
SA16666
VERIFY ADVISORY:
http://secunia.com/advisories/16666/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
Local system
SOFTWARE:
Savant Web Server 3.x
http://secunia.com/product/217/
DESCRIPTION:
basher13 has discovered a security issue in Savant Web Server, which
can be exploited by malicious, local users to disclose potentially
sensitive information.
The problem is that user credentials are stored with insecure
permissions in "HKLM\SOFTWARE\DAEMONS\Savant\Users" in the Windows
registry. This can be exploited to disclose server usernames and
passwords.
The security issue has been confirmed in version 3.1. Other versions
may also be affected.
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
basher13
ORIGINAL ADVISORY:
http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=84
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]