Message-ID: <00fb01c413b8$bf0ac200$2a29a8c0@fastguy>
From: computerguy at cfl.rr.com (~Kevin Davis³)
Subject: NessusWX stores credentials in plain text

Software Vendor:   NessusWX (nessuswx.nessus.org)
Software Package:  NessusWX
Versions Affected: 1.4.4 and possibly earlier versions
Synopsis:          Username and password for various accounts stored in unencrypted plain text
Issue Date:        Feb 22, 2004
Vendor Response:   Vendor notified December 4, 2003
                   Vendor claiming to be working on issue

================================================================================

1. Summary

NessusWX is a GPL Windows client for the open source Nessus Vulnerability scanner. NessusWX stores the credentials of various types of accounts in unencrypted plain text in a configuration file.

2. Problem Description

The user saves specific scan configuration settings in sessions created within NessusWX. For every session a directory is created named the same as the session name with a .session appended to it. For instance, in the case of a session named MySession, the default location for the session configuration files would be in the directory C:\NessusDB\MySession.session.

Every session can save unique Nessus plugin configuration settings. Among these are username/password settings for various types of accounts. These options are accessed by selecting a session, and then in the main menu under "Session" selecting the "Properties" submenu. This will display a multi-tabbed dialog. Select the "Plugins" tab and then click on the "Configure Plugins" button. A listbox will be displayed and near the bottom of the list there will be an item named "Login Configurations". When the user saves this logon information, both the usernames and passwords are saved in plaintext in the above specified path in a file named preferences.

Further, after this information is saved to the file, if the user goes back and removes this information using the GUI, the user interface indicates that the information has been removed, but this is misleading because it is still retained in the configuration file. This behavior is somewhat inconsistent. Sometimes the entire username/password data is retained in the file and sometimes the first character of each is removed. When setting these parameters, the user is also not informed of this sensitive information being stored insecurely.

This potentially affects the following types of accounts:

  FTP
  IMAP
  POP2
  POP3
  NNTP
  SNMP
  SMB (Windows NT Domain)

3. Solution

None at this time. The vendor agreed to fix the problem by allowing the user to password protect the data and also have the data removed properly. It has been over 60 days and the patch has not been made available.
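Added example (not part of the original advisory and not NessusWX code): a defender's check that walks the session layout described above (default root C:\NessusDB) and reports preferences entries that still hold a non-empty credential-like value, including leftovers after removal in the GUI, without printing the value itself. The "key = value" line format, the key pattern and the sample lines are assumptions constructed for illustration; adjust them to the real file.

```python
import re
import sys
from pathlib import Path

# Assumption: entries are "key = value" lines and credential keys mention
# a login, account, password or SNMP community. Not taken from NessusWX.
CRED_KEY = re.compile(r"login|account|password|community", re.I)

def scan_preferences(text):
    """Return (line_no, key, value_length) for non-empty credential-like entries."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        value = value.strip()
        # An empty value means the entry was really cleared; anything else,
        # including a value with its first character dropped, is a finding.
        if sep and value and CRED_KEY.search(key):
            hits.append((n, key.strip(), len(value)))
    return hits

def audit_sessions(root):
    """Map each <name>.session/preferences file under root to its findings."""
    report = {}
    for prefs in sorted(Path(root).glob("*.session/preferences")):
        hits = scan_preferences(prefs.read_text(errors="replace"))
        if hits:
            report[str(prefs)] = hits
    return report

# Constructed sample, not a real NessusWX file. The third line imitates a
# leftover value whose first character was removed by the GUI.
SAMPLE = """\
max_hosts = 16
Login configurations[entry]:FTP account = scanuser
Login configurations[password]:FTP password = ecret123
Login configurations[entry]:POP3 account =
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\NessusDB"
    for path, hits in audit_sessions(root).items():
        for n, key, length in hits:
            # Report the location and length only, never the secret itself.
            print(f"{path}:{n}: {key} holds a {length}-character value")
```

Run it after clearing credentials in the GUI to confirm whether the preferences file was actually emptied; any finding means the file should be edited or deleted by hand and the account password rotated.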