EMC NetWorker 8.x < 8.0.2.3 Management Console Information Disclosure

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by an information disclosure vulnerability.

Description :

The version of EMC NetWorker is 8.x earlier than 8.0.2.3. As such, it
is potentially affected by an information disclosure vulnerability.
When the NetWorker Management Console is configured to use Active
Directory/LDAP for authentication, an authenticated user may be able
to see the AD/LDAP administrator password in clear text.

See also :

http://seclists.org/bugtraq/2013/Oct/att-152/ESA-2013-072.txt

Solution :

Upgrade to EMC NetWorker 8.0.2.3 / 8.1 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 70727 ()

Bugtraq ID: 63402

CVE ID: CVE-2013-3285