ID CVE-2006-4642
Summary AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
References
Vulnerable Configurations
  • cpe:2.3:a:auditwizard:auditwizard:6.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:auditwizard:auditwizard:6.3.2:*:*:*:*:*:*:*
CVSS
Base: 1.7 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 19860
bugtraq 20060905 AuditWizard 6.3.2 gives away administrator password
sectrack 1016795
secunia 21773
sreason 1525
vupen ADV-2006-3498
xf auditwizard-remoteaudit-password-disclosure(28743)
Last major update 17-10-2018 - 21:38
Published 08-09-2006 - 21:04
Back to Top