PT-2006-6025 · Secure Computing · Secure Computing Safeword Remoteaccess

Published: 2006-10-17 · Updated: 2017-07-20 · CVE-2006-5303

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Secure Computing SafeWord RemoteAccess version 2.1

Description: The issue allows local users to obtain sensitive information, including the UserCenter web portal password, database encryption keys, and signing keys. This is achieved by reading base-64 encoded data in the login.conf file and plaintext data in the signers.cfg file. The locations of these files are SERVERS\Web\Tomcat\usercenter\WEB-INF and SERVERS\Shared, respectively.

Recommendations: For Secure Computing SafeWord RemoteAccess version 2.1, consider restricting access to the SERVERS\Web\Tomcat\usercenter\WEB-INF and SERVERS\Shared directories to minimize the risk of exploitation. Avoid storing sensitive information in plaintext files like signers.cfg. As a temporary workaround, limit local user access to these directories until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Related identifiers

CVE-2006-5303

Affected products

Secure Computing Safeword Remoteaccess