Novell Identity Manager May Disclose Passwords to Local Users
|
|
SecurityTracker Alert ID: 1018602
|
|
SecurityTracker URL: http://securitytracker.com/id?1018602
|
|
CVE Reference: CVE-2007-4526
(Links to External Site)
|
Updated: Mar 26 2008
|
Original Entry Date: Aug 23 2007
|
Impact: Disclosure of authentication information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 3.5.1 20070730
|
Description: A vulnerability was reported in Novell Identity Manager. A local user can obtain passwords.
The Client Login Extension (CLE) stores the user's login name and password to a local file when the user logs in. A local user may
be able to obtain this information.
The vendor states that the information can only be read by the logged in user.
The 3.5
CLE media or patch downloaded after August 1, 2007 is not affected.
|
Impact: A local user can obtain passwords.
|
Solution: The vendor has issued a fixed version (3.5.1 20070730).
The Novell advisory is available at:
https://secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html
|
Vendor URL: secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 23 Aug 2007 19:20:35 -0400
Subject: Client Login Extension for Novell Identity Manager 3.5 Security Fix
|
https://secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html
|
|
