CVE-2002-0114 - EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log

CVE-2002-0114

Summary

EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.

References

http://online.securityfocus.com/archive/1/249420
http://www.iss.net/security_center/static/7898.php
http://www.securityfocus.com/bid/3842

Vulnerable Configurations

cpe:2.3:a:emc:networker:6.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:networker:6.1:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 30-03-2012 - 01:14)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3842
bugtraq	20020110 Legato Vulnerable
xf	legato-nsrd-log-plaintext(7898)

Last major update

30-03-2012 - 01:14

Published

25-03-2002 - 05:00

Last modified

30-03-2012 - 01:14