PT-2007-5697 · Novell · Novell Identity Manager

Published

2007-08-25

Updated

2018-09-27

CVE-2007-4526

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Novell Identity Manager versions prior to 3.5.1 20070730

Description The issue allows local users to obtain sensitive information, specifically usernames and passwords, by reading a local file where this data is stored. This is due to the way the Client Login Extension (CLE) handles storage of this sensitive information.

Recommendations For versions prior to 3.5.1 20070730, update to version 3.5.1 20070730 or later to resolve the issue. As a temporary workaround, consider restricting access to the local file where the username and password are stored to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2007-4526

Affected Products

Novell Identity Manager

PT-2007-5697 · Novell · Novell Identity Manager

CVE-2007-4526

Weakness Enumeration

Related Identifiers

Affected Products

References · 8