PT-2001-2635 · Centra · Centraone+1

Published

2001-12-31

Updated

2017-07-11

CVE-2001-1550

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions CentraOne version 5.2 Centra ASP (affected versions not specified)

Description The issue allows local users to obtain cleartext passwords from decoded log files and impersonate users due to the creation of world-writable base64 encoded log files when basic authentication is enabled.

Recommendations For CentraOne version 5.2, consider disabling basic authentication to prevent the creation of world-writable log files. For Centra ASP, restrict access to the log files to minimize the risk of exploitation until a more specific fix is provided. As a temporary workaround, consider implementing additional access controls to the log files to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1550

Affected Products

Centra Asp

Centraone

PT-2001-2635 · Centra · Centraone+1

CVE-2001-1550

Related Identifiers

Affected Products

References · 5