Google Apps Directory Sync < 3.1.6 Weak Stored Credential Local Disclosure

low Nessus Plugin ID 66272

Synopsis

The remote host contains an LDAP synchronization tool that is affected by a weak stored credential local disclosure vulnerability.

Description

The version of Google Apps Directory Sync installed on the remote host is earlier than 3.1.6 and is, therefore, affected by a weak stored credential local disclosure vulnerability. An issue exists in the way the 'PBEwithMD5andDES' Java encryption algorithm is implemented, allowing a local attacker to decrypt stored credentials.

Solution

Upgrade to Google Apps Directory Sync 3.1.6 or later.

See Also

https://support.google.com/a/answer/1263028?hl=en

http://www.nessus.org/u?9ffc6950

Plugin Details

Severity: Low

ID: 66272

File Name: google_dir_sync_3_1_6.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 4/30/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:google:apps_directory_sync

Required KB Items: SMB/Google_Dir_Sync/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/3/2013

Vulnerability Publication Date: 4/3/2013

Reference Information

BID: 58840