Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2977

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2009-2977
Last Modified 04 Sep 2009 01:28:52
Published 27 Aug 2009 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector ADJACENT_NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2977

Summary

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files.

Vulnerable Systems


References

XF - csmars-sysbacktrace-info-disclosure(52913)

VUPEN - ADV-2009-2364

BID - 36098

BUGTRAQ - 20090821 Re: Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier

BUGTRAQ - 20090821 Clear Text Storage of Password in CS-MARS v6.0.4 and Earlier

CONFIRM - http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtb52450


Last Updated: 27 May 2016 10:51:06