Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1550

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1550
Last Modified 05 Sep 2008 04:26:50
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1550

Summary

CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.

Vulnerable Systems

Application

  • Centra Asp

  • Centra Smart Connect Cen5.2-03

  • Centraone 5.2


References

XF - centraone-log-file-info(7820)

NTBUGTRAQ - 20011226 Dangerous information in CentraOne log files - VENDOR RESPONSE

BID - 3704

VULNWATCH - 20011217 Dangerous information in CentraOne Log files, possible user impersonation


Last Updated: 27 May 2016 10:36:42