PT-1998-1198 · Ca+1 · 1Arcserve Backup+1

Published

1998-11-12

Updated

2021-04-09

CVE-1999-1322

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions 1ArcServe Backup (affected versions not specified) Inoculan AV client (affected versions not specified)

Description The installation of certain modules creates a log file, exchverify.log, which stores usernames and passwords in plaintext.

Recommendations For 1ArcServe Backup, consider restricting access to the exchverify.log file until a fix is available. For Inoculan AV client, avoid using the affected module for Exchange until the issue is resolved. As a temporary workaround, consider disabling the logging feature that creates the exchverify.log file to prevent plaintext storage of sensitive information.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1322

Affected Products

1Arcserve Backup

Inoculan Av Client

PT-1998-1198 · Ca+1 · 1Arcserve Backup+1

CVE-1999-1322

Related Identifiers

Affected Products

References · 3