lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: computerguy at cfl.rr.com (~Kevin DavisĀ³)
Subject: NEWT Scanner stores credentials in plain text

I have posted this issue to a couple entities like NTbugtraq and CERT with no response.  Please read below...


Software Vendor: Tenable Security (www.tenablesecurity.com)
Software Package: Newt 
Versions Affected: 1.4 and earlier (and possibly 1.5)
Synopsis: Username and password for various accounts stored in unencrypted plain text

Issue Date: Feb 22, 2004

Vendor Response: Vendor notified December 4, 2003
   Vendor declined to resolve issue 

================================================================================

1. Summary

NEWT is a commercial Windows port of the open source Nessus Vulnerability scanner by
Tenable security.  Newt stores the credentials of various types of accounts in 
unencrypted plain text in a configuration file. 

2. Problem Description

The config.xml files stores username and password information for various types 
of accounts in unencrypted plain text.  Those parameters are typically set from 
the NEWT Scanner interface.  When setting these parameters, the user is also not 
informed of this sensitive information being stored insecurely.  This potentially 
affects the following types of accounts:

FTP
IMAP
POP2
POP3
NNTP
SNMP
SMB (Windows NT Domain)

Typically this config file is stored locally at the following location:

\Documents and Settings\<Username>\Tenable\NeWT\config\config.xml

3. Solution

None at this time.  A lengthy discussion with the vendor resulted in the vendor's 
decision that this was not a security risk that warrants resolution on. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040327/8203c14f/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ