BindView NetInventory NetRC hostcfg_ni password passed in clear t ext

["Barker, Brent" <hostmaster () viasat com>]

A design flaw exist in BindView NetInventory and NetRC software that 
allows users to view the password during auditing.

Discovered: Wednesday, January 09, 2002 4:54 PM

Steps to reproduce the flaw.

Local users can delete their HOSTCFG._NI file and then force an audit from
the netlogon directory.  During the audit the HOSTCFG._NI is rewritten as
HOSTCFG.INI which is in clear text until the audit is complete.   

Each machine on the network configured with that password can be accessed
remotely.

BindView returned our e-mails with the statement that it would be fixed in
the next release.

Brent Barker
ViaSat, Inc.