PT-2006-5427 · New Net Technologies · Auditwizard
Terry Donaldson
·
Published
2006-09-08
·
Updated
2018-10-17
·
CVE-2006-4642
CVSS v2.0
1.7
Low
| Vector | AV:L/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AuditWizard version 6.3.2
Description
The issue allows local users to obtain sensitive information by reading a log file. When using "Remote Audit," the administrator password is logged in plaintext to LaytonCmdSvc.log.
Recommendations
For AuditWizard version 6.3.2, consider restricting access to the LaytonCmdSvc.log file to minimize the risk of exploitation. As a temporary workaround, avoid using the "Remote Audit" feature until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Auditwizard