DameWare Mini Remote Control Authentication Credentials Persistence Weakness
Low Nessus Plugin ID 18118
SynopsisThe remote Windows host contains an application that is affected by an information disclosure issue.
DescriptionAccording to its version number, the copy of DameWare Mini Remote Control installed on the remote host allows a local user to recover authentication credentials because the application stores sensitive information in memory as plaintext - username, password, hostname, etc in the case of the 'DWRCC' client process and username (but not password) and authentication type in the case of the 'DWRCS' server process.
SolutionUpgrade to DameWare Mini Remote Control 3.80 / 4.9 or later.