Google Apps Directory Sync < 3.1.6 Weak Stored Credential Local Disclosure
Low Nessus Plugin ID 66272
SynopsisThe remote host contains a LDAP synchronization tool that is affected by a weak stored credential local disclosure vulnerability.
DescriptionThe version of Google Apps Directory Sync installed on the remote host is earlier than 3.1.6 and is, therefore, affected by a weak stored credential local disclosure vulnerability. An issue exists in the way 'PBEwithMD5andDES' Java encryption algorithm is implemented, allowing a local attacker to decrypt stored credentials.
SolutionUpgrade to Google Apps Directory Sync 3.1.6 or later.