CRYPTO-Server installvariables.properties LDAP Credential Local Disclosure

Low severity. Nessus Plugin ID 23741

Synopsis

The remote Windows host is affected by an information disclosure issue.

Description

A version of CRYPTOCard CRYPTO-Server, the server component of a commercial two-factor authentication system, is installed on the remote host.

When CRYPTO-Server was installed on the remote host, the installer left credentials used to configure the application with Active Directory in a log file, which by default is readable by anyone with local access.

Solution

Change the credentials used by CRYPTO-Server for Active Directory and JDBC.

Plugin Details

Severity: Low

ID: 23741

File Name: crypto_server_ldap_credentials_disclosure.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 11/30/2006

Updated: 7/6/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 11/27/2006

Reference Information

CVE: CVE-2006-6145

BID: 21305