PT-2006-6308 · Axalto · Axalto Protiva

Nnposter

Published

2006-10-28

Updated

2018-10-17

CVE-2006-5600

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Axalto Protiva version 1.1

Description: The issue allows local users to gain privileges by reading passwords stored in plaintext in files with insecure permissions. The passwords can be found in files such as KeyToolkeytool.config or webappsprotivaWEB-INFclassesauthserver.config.

Recommendations: For Axalto Protiva version 1.1, consider restricting access to the KeyToolkeytool.config and webappsprotivaWEB-INFclassesauthserver.config files to minimize the risk of exploitation. Additionally, modify the permissions of these files to secure them and prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5600

Affected Products

Axalto Protiva

PT-2006-6308 · Axalto · Axalto Protiva

CVE-2006-5600

Related Identifiers

Affected Products

References · 5