Message-ID: <200310311321.h9VDLNPm014819@mailserver1.hushmail.com>
From: t4rku5 at hushmail.com (t4rku5@...hmail.com)
Subject: Installation Security Issue for DATEV IDVS

Topic: Installation Security Issue for DATEV IDVS 

Release Date: 2003-10-31


Affected Software: 
================== 

- Eigenorganisation comfort (IDVS) 
- Eigenorganisation classic (IDVS) 


Unaffected Software: 
==================== 

- none known 



Summary: 
======== 

DATEV eG is a German company that makes software for tax advisors and
lawyers.

During installation/update of IDVS, sensitive database administrator
logon information may be captured in the installation log file.


Issue: 
====== 

The installation program for IDVS records installation/update data into
a log file for troubleshooting purposes related to product installation.
This file generally contains basic information about installation/update
options and installation/update processes. User name and password
information related to the database account is captured in the log file.
The user name and password are used to connect to the database.


Workaround: 
=========== 

Remove the installation log files after successfully installing/updating
Eigenorganisation (IDVS). The IDVS installation log files (file names
<LW:>\DATEV\LOG\IDVS\SRV\PostRep*.log | PostUpd*.log | PreRep*.log |
PreUpd*.log) are located in the DATEV log directory. The administrator
should delete these files once installation has completed.

These files may be deleted using Windows Explorer, or by starting a
Command Prompt and typing the following commands:

del <LW:>\DATEV\LOG\IDVS\SRV\Post*.log 
del <LW:>\DATEV\LOG\IDVS\SRV\Pre*.log 
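
The same cleanup as a PowerShell function, restricted to the four file-name
patterns listed above instead of the broader Post*/Pre* wildcards. This is an
added example, not part of the original advisory; the function name is
hypothetical and <LW:> is read as the drive letter of the DATEV installation
(an assumption), so every local file-system drive is checked.

```powershell
# Added example: find and remove IDVS installer logs on every local drive.
# Assumes the directory below the drive letter is exactly as the advisory gives it.
function Remove-IdvsInstallLog {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Path from the advisory without the drive letter.
        [string]$RelativeLogDir = 'DATEV\LOG\IDVS\SRV',
        # The four file-name patterns the advisory lists.
        [string[]]$Patterns = @('PostRep*.log', 'PostUpd*.log',
                                'PreRep*.log', 'PreUpd*.log')
    )

    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $dir = Join-Path -Path $drive.Root -ChildPath $RelativeLogDir
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        # Keep only files whose name matches one of the listed patterns.
        $logs = Get-ChildItem -LiteralPath $dir -File | Where-Object {
            $name = $_.Name
            @($Patterns | Where-Object { $name -like $_ }).Count -gt 0
        }

        foreach ($log in $logs) {
            # Identities holding any Allow entry on the file, reported before
            # deletion so the administrator can judge who had access to it.
            $allowed = (Get-Acl -LiteralPath $log.FullName).Access |
                Where-Object { $_.AccessControlType -eq 'Allow' } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Path              = $log.FullName
                LastWrite         = $log.LastWriteTime
                AllowedIdentities = $allowed -join '; '
            }

            if ($PSCmdlet.ShouldProcess($log.FullName, 'Delete installation log')) {
                Remove-Item -LiteralPath $log.FullName -Force
            }
        }
    }
}

# Dry run: report matching logs and their ACL entries, delete nothing.
# Run without -WhatIf (and confirm each prompt) to actually delete.
Remove-IdvsInstallLog -WhatIf
```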


Credits: 
======== 

Discovered by t4rku5 



