Local User Credential Exposure in TIBCO RendezVous by TIBCO Software Inc.
CVE-2006-4676

Currently unrated

Key Information:

Vendor: Tibco
Status: Rendezvous
Vendor: CVE Published:; 11 September 2006

Summary

TIBCO RendezVous versions up to 7.4.11 exhibit a vulnerability where usernames and passwords are logged in a base64-encoded format within the rvrd.db file. This improper logging allows local users to access sensitive credentials by decoding the log data, leading to potential unauthorized access or data breaches. Organizations using affected versions should consider reviewing their logging practices and implementing measures to restrict access to sensitive log files.

References

http://secunia.com/advisories/21748

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/19883

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2006/3497

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Sep 11, 2006
Vulnerability Reserved
Sep 11, 2006