[guru] [finde_schwachstelle@gmx.net: [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file]
DATE: Thu, 03 Aug 2006 13:49:06 +0200
A Finjan Appliance a backup állományban nyílt formában tárolja a jelszót,
ez pedig közismerten gondokat okozhat.
----- Forwarded message from finde_schwachstelle@gmx.net -----
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Date: Tue, 11 Jul 2006 12:34:13 +0200
From: finde_schwachstelle@gmx.net
Subject: [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup
file
To: support@finjan.com
Plain text password in backup file ( Finjan Appliance 5100/8100 NG)
The Version 8.3.5 is affected.
In the new console function backup and restore the passwords are saved as plain text.
The Finjan Appliance uses a Firebird database. The backup saves the database as text file.
Samba and FTP passwords can be found in the text file.
Example file ps.fdb.bak (user: testuser password: test1234):
-----------------------------------------------------------
.
<archive location="//test/temp" method="SAMBA" user="test/testuser" password="test1234"/><archive_fields>
.
-----------------------------------------------------------
The file ps.fdb.bak can be found in the archive backup_YYYY_MM_DD_hh_mm_ss.tar.
--
"Feel free" ??? 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
----- End forwarded message -----