CRYPTO-Server installvariables.properties LDAP Credential Local Disclosure
Low Nessus Plugin ID 23741
SynopsisThe remote Windows host is affected by an information disclosure issue.
DescriptionA version of CRYPTOCard CRYPTO-Server, the server component of a commercial two-factor authentication system, is installed on the remote host.
When CRYPTO-Server was installed on the remote host, the installer left credentials used to configure the application with Active Directory in a log file, which by default is readable by anyone with local access.
SolutionChange the credentials used by CRYPTO-Server for Active Directory and JDBC.