CVE-2007-4526 - The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the usernam

CVE-2007-4526

Summary

The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

References

Vulnerable Configurations

cpe:2.3:a:netiq:identity_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netiq:identity_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:novell:client_login_extension_\(cle\):*:*:*:*:*:*:*:*
cpe:2.3:a:novell:client_login_extension_\(cle\):*:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 27-09-2018 - 21:30)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	25420
confirm	https://secure-support.novell.com/KanisaPlatform/Publishing/177/3329402_f.SAL_Public.html
osvdb	37320
sectrack	1018602
secunia	26555
vupen	ADV-2007-2957
xf	novell-identity-login-information-disclosure(36215)

Last major update

27-09-2018 - 21:30

Published

25-08-2007 - 00:17

Last modified

27-09-2018 - 21:30