Full Disclosure mailing list archives
[SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file
From: finde_schwachstelle () gmx net
Date: Tue, 11 Jul 2006 12:34:13 +0200
Plain text password in backup file ( Finjan Appliance 5100/8100 NG) The Version 8.3.5 is affected. In the new console function backup and restore the passwords are saved as plain text. The Finjan Appliance uses a Firebird database. The backup saves the database as text file. Samba and FTP passwords can be found in the text file. Example file ps.fdb.bak (user: testuser password: test1234): ----------------------------------------------------------- . <archive location="//test/temp" method="SAMBA" user="test/testuser" password="test1234"/><archive_fields> . ----------------------------------------------------------- The file ps.fdb.bak can be found in the archive backup_YYYY_MM_DD_hh_mm_ss.tar. -- "Feel free" – 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file finde_schwachstelle (Jul 11)