Insecure Credential Storage in GFI Languard Network Security Scanner by GFI
CVE-2005-0604

Currently unrated

Key Information:

Vendor: Gfi
Status: Languard Network Security Scanner
Vendor: CVE Published:; 2 May 2005

What is CVE-2005-0604?

The GFI Languard Network Security Scanner 5.0 has a security flaw where the lnss.exe component stores sensitive user credentials, including usernames and passwords, in memory without any encryption. This poses a significant risk as local administrators can easily retrieve this information from memory, potentially compromising domain administrator credentials and leading to unauthorized access within the network. Organizations using this software should take immediate action to mitigate this vulnerability.

References

http://www.hat-squad.com/en/000160.html

x_refsource_MISC

http://marc.info/?l=bugtraq&m=110961644621528&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Mar 1, 2005

Gfi

What is CVE-2005-0604?

References

Timeline