Title: Netopia Timbuktu Cleartext Username/Password Vulnerability
Severity: HIGH
Description:
Netopia's Timbuktu Pro is a remote administration software package that runs on Microsoft Windows NT (among other platforms). When a user of a Windows NT host logs into their machine remotely via Timbuktu Pro, the user's username and password are sent to the host for authentication in cleartext (unencrypted). Anyone sniffing network traffic can therefore retrieve the username and password pair exactly as the user typed it, access the host being logged into as that user, and possibly compromise the entire machine.
Affected Products:
- Netopia Timbuktu Pro 2.0.0
- Netopia Timbuktu Pro 3.0.0
References:
- Netopia: Netopia TB2 Homepage