lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060711103413.196590@gmx.net>
Date: Tue Jul 11 12:01:27 2006
From: finde_schwachstelle at gmx.net (finde_schwachstelle@....net)
Subject: [SECURITY] Plain text password in Finjan
 Appliance 5100/8100 NG backup file

Plain text password in backup file ( Finjan Appliance 5100/8100 NG)
The Version 8.3.5 is affected.

In the new console function backup and restore the passwords are saved as plain text. 

The Finjan Appliance uses a Firebird database. The backup saves the database as text file. 
Samba and FTP passwords can be found in the text file. 


Example file ps.fdb.bak (user: testuser password: test1234):
-----------------------------------------------------------

.
<archive location="//test/temp" method="SAMBA" user="test/testuser" password="test1234"/><archive_fields>
.

-----------------------------------------------------------

The file ps.fdb.bak can be found in the archive backup_YYYY_MM_DD_hh_mm_ss.tar. 
-- 


"Feel free" ? 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ