| ID |
CVE-1999-1322
|
| Summary |
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:broadcom:arcserve_backup:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:arcserve_backup:*:*:*:*:*:*:*:*
-
cpe:2.3:a:broadcom:inoculan:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:inoculan:*:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.6 (as of 09-04-2021 - 16:57) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| ntbugtraq | - 19981112 exchverify.log
- 19981117 Re: exchverify.log - update #1
- 19981125 Re: exchverify.log - update #2
- 19981216 Arcserve Exchange Client security issue being fixed
- 19990305 Cheyenne InocuLAN for Exchange plain text password still there
- 19990426 ArcServe Exchange Client Security Issue still unresolved
|
|
| Last major update |
09-04-2021 - 16:57 |
| Published |
12-11-1998 - 05:00 |
| Last modified |
09-04-2021 - 16:57 |
