CRYPTO-Server LDAP Credential Local Disclosure

Low Nessus Plugin ID 23741


The remote Windows host is affected by an information disclosure issue.


A version of CRYPTOCard CRYPTO-Server, the server component of a commercial two-factor authentication system, is installed on the remote host.

When CRYPTO-Server was installed on the remote host, the installer left credentials used to configure the application with Active Directory in a log file, which by default is readable by anyone with local access.


Change the credentials used by CRYPTO-Server for Active Directory and JDBC.

Plugin Details

Severity: Low

ID: 23741

File Name: crypto_server_ldap_credentials_disclosure.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2006/11/30

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 2

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/11/27

Reference Information

CVE: CVE-2006-6145

BID: 21305

OSVDB: 30690