Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 WebTool-userpass May Disclose SSH User Passphrases to Certain Local Users
Categorie: Vulnerability
Posted: 2003-09-27 by ReCall
Views: 404
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A vulnerability was reported in the WebTool-userpass package. The application may disclose a target user's SSH passphrase via a log file entry.

It is reported that a local user's SSH passphrase is recorded in the /var/log/userpass.log file when the user creates an SSH key using WebTool-userpass. The passphrase may be viewed by local users with read privileges for that file.

Guardian Digital credits "Shawn" with discovering and reporting this flaw.

Impact: A local user with read privileges for the '/var/log/userpass.log' file may be able to view a target user's SSH passphrase.

Solution: The vendor has released a fix. Guardian Digital Secure Network subscribers can update via the Guardian Digital WebTool.
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=477

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES