PT-2000-1453 · Shiva · Shiva Access Manager

Published

2000-06-06

Updated

2017-10-10

CVE-2000-0516

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Shiva Access Manager version 5.0.0

Description The issue allows local users to compromise the LDAP server by storing the root DN (Distinguished Name) name and password in cleartext in a world-readable file when configured to store configuration information in an LDAP directory.

Recommendations For Shiva Access Manager version 5.0.0, consider restricting access to the configuration file that stores the root DN and password to prevent local users from reading the sensitive information. As a temporary workaround, limit the privileges of local users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0516

Affected Products

Shiva Access Manager

PT-2000-1453 · Shiva · Shiva Access Manager

CVE-2000-0516

Related Identifiers

Affected Products

References · 5