Title: BindView NetInventory Password Retrieval Vulnerability
Severity: MODERATE
Description:
NETinventory is a commercial system inventory solution distributed and maintained by BindView. It is available for Microsoft Windows and MS-DOS operating systems.
A flaw in how the program creates the HOSTCFG._NI file could make it possible for a local user to gain access to sensitive information.
A system monitored by NETinventory typically stores credentials on the local file system. These credentials are stored in the HOSTCFG._NI file, and are usually protected. The credentials stored in HOSTCFG._NI include passwords.
If HOSTCFG._NI is deleted and a new audit is initiated, the data stored in HOSTCFG._NI will be kept temporarily, in plaintext, in the file 'HOSTCFG.INI'.
This may result in a disclosure of sensitive information to an attacker.
The validity of this vulnerability has not been confirmed with BindView.
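The exposed state described above can be detected by file name alone, without opening either file. The following Python check is an added example, not part of the original advisory or of BindView's software; the host directories and sample tree are constructed, and it assumes both files live in the same directory.

```python
import os
import tempfile
from pathlib import Path

PROTECTED = "hostcfg._ni"   # protected credential store named in the advisory
PLAINTEXT = "hostcfg.ini"   # temporary plaintext copy named in the advisory


def audit_tree(root):
    """Walk root and classify every directory holding either file.

    Returns a sorted list of (directory, state) tuples. File contents are
    never opened; only names are inspected.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # DOS/Windows file names are case-insensitive, so compare lowercased.
        names = {f.lower() for f in files}
        has_protected = PROTECTED in names
        has_plain = PLAINTEXT in names
        if has_plain and not has_protected:
            state = "EXPOSED: plaintext file present, protected file missing"
        elif has_plain:
            state = "EXPOSED: plaintext file present alongside protected file"
        elif has_protected:
            state = "ok: only protected file present"
        else:
            continue
        findings.append((os.path.relpath(dirpath, root), state))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout (host names and paths are hypothetical)."""
    layout = {
        "host-a": ["HOSTCFG._NI"],
        "host-b": ["HOSTCFG.INI"],
        "host-c": ["hostcfg._ni", "Hostcfg.ini"],
        "host-d": ["README.TXT"],
    }
    for sub, files in layout.items():
        d = Path(root) / sub
        d.mkdir(parents=True)
        for name in files:
            (d / name).write_text("constructed placeholder, no real data\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, state in audit_tree(tmp):
            print(f"{directory}: {state}")
```

Because the advisory describes the plaintext file as temporary, a single run can miss it; running the check on a schedule or during audits gives better coverage.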
Affected Products:
- BindView NETinventory 1.0.0
- BindView NETrc 1.0.0
References:
- BindView: NETinventory Homepage