PT-2002-2400 · Bindview · Bindview Netinventory

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1676

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions BindView NetInventory version 1.0

Description The issue allows local users to read sensitive information, such as passwords, by manipulating the HOSTCFG. NI file and forcing an audit. This process rewrites the HOSTCFG. NI to HOSTCFG.INI, storing the passwords in cleartext until the audit is complete.

Recommendations For BindView NetInventory version 1.0, consider restricting access to the HOSTCFG. NI file and avoid forcing audits unless necessary, to minimize the risk of password exposure. Additionally, monitor the system for any unauthorized access or modifications to the HOSTCFG. NI file.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1676

Affected Products

Bindview Netinventory

PT-2002-2400 · Bindview · Bindview Netinventory

CVE-2002-1676

Related Identifiers

Affected Products

References · 5