ID |
CVE-1999-1322
|
Summary |
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:broadcom:arcserve_backup:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:arcserve_backup:*:*:*:*:*:*:*:*
-
cpe:2.3:a:broadcom:inoculan:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:inoculan:*:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.6 (as of 09-04-2021 - 16:57) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
ntbugtraq | - 19981112 exchverify.log
- 19981117 Re: exchverify.log - update #1
- 19981125 Re: exchverify.log - update #2
- 19981216 Arcserve Exchange Client security issue being fixed
- 19990305 Cheyenne InocuLAN for Exchange plain text password still there
- 19990426 ArcServe Exchange Client Security Issue still unresolved
|
|
Last major update |
09-04-2021 - 16:57 |
Published |
12-11-1998 - 05:00 |
Last modified |
09-04-2021 - 16:57 |