CVE-2001-1550

Name of the Vulnerable Software and Affected Versions CentraOne version 5.2 Centra ASP (affected versions not specified)

Description The issue allows local users to obtain cleartext passwords from decoded log files and impersonate users due to the creation of world-writable base64 encoded log files when basic authentication is enabled.

Recommendations For CentraOne version 5.2, consider disabling basic authentication to prevent the creation of world-writable log files. For Centra ASP, restrict access to the log files to minimize the risk of exploitation until a more specific fix is provided. As a temporary workaround, consider implementing additional access controls to the log files to prevent unauthorized access.