|
Family: Windows --> Category: infos
DameWare Mini Remote Control Authentication Credentials Persistence Weakness Vulnerability Scan
Vulnerability Scan Summary Checks for authentication credentials persistence weakness in DameWare Mini Remote Control
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host contains an application that is prone to an
information disclosure issue.
Description :
According to its version number, the copy of DameWare Mini Remote
Control installed on the remote host allows a local user to recover
authentication credentials because the application stores sensitive
information in memory as plain text - username, password, hostname,
etc in the case of the 'DWRCC' client process and username (but not
password) and authentication type in the case of the 'DWRCS' server
process.
See also :
http://www.shellsec.net/leer_advisory.php?id=7
http://archives.neohapsis.com/archives/bugtraq/2005-04/0225.html
http://www.dameware.com/support/security/bulletin.asp?ID=SB5
Solution :
Upgrade to DameWare Mini Remote Control 3.80 / 4.9 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:L/AC:H/Au:R/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|