CVE-2007-3200

high

Description

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

References

https://secure-support.novell.com/KanisaPlatform/Publishing/249/3260550_f.SAL_Public.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/34806

http://www.vupen.com/english/advisories/2007/2118

http://www.securityfocus.com/bid/24405

http://securitytracker.com/id?1018215

http://secunia.com/advisories/25592

http://osvdb.org/35943

Details

Source: Mitre, NVD

Published: 2007-06-12

Updated: 2026-04-23

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00044

Detections

Analytics