CVE-2007-5024 - EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, w

CVE-2007-5024

Summary

EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.

References

http://www.vmware.com/support/server/doc/releasenotes_server.html

Vulnerable Configurations

cpe:2.3:a:emc:vmware_server:-:*:*:*:*:*:*:*
cpe:2.3:a:emc:vmware_server:-:*:*:*:*:*:*:*
cpe:2.3:a:emc:vmware_server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:emc:vmware_server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:emc:vmware_server:1.0.4_build_56528:*:*:*:*:*:*:*
cpe:2.3:a:emc:vmware_server:1.0.4_build_56528:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 05-09-2008 - 21:29)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

confirm

http://www.vmware.com/support/server/doc/releasenotes_server.html

Last major update

05-09-2008 - 21:29

Published

21-09-2007 - 19:17

Last modified

05-09-2008 - 21:29