CVE-2006-4642

AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.

CVSS v2.0 1.7 LOW

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21773	Vendor Advisory
http://securityreason.com/securityalert/1525
http://securitytracker.com/id?1016795	Exploit
http://www.securityfocus.com/archive/1/445220/100/0/threaded
http://www.securityfocus.com/bid/19860
http://www.vupen.com/english/advisories/2006/3498
https://exchange.xforce.ibmcloud.com/vulnerabilities/28743

Configurations

Configuration 1 (hide)

cpe:2.3:a:auditwizard:auditwizard:6.3.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-08 21:04

Updated : 2018-10-17 21:38

NVD link : CVE-2006-4642

Mitre link : CVE-2006-4642

CVE.ORG link : CVE-2006-4642

JSON object : View

Products Affected

auditwizard

auditwizard

CWE

NVD-CWE-Other

1.7 /10