CVE-2006-4537

Name of the Vulnerable Software and Affected Versions OpenVMS ALPHA versions 7.3-2 through 8.2

Description The issue allows local users to obtain passwords by reading an audit log file after a successful connection following a "network breakin" event. This occurs because NET$SESSION CONTROL.EXE in DECnet-Plus writes the password to the log file.

Recommendations For OpenVMS ALPHA versions 7.3-2 through 8.2, consider restricting access to the audit log file to minimize the risk of password exposure until a fix is available.