Weak Logging in POP Server Configuration for HP OpenVMS 8.3
CVE-2007-3730

Currently unrated

Key Information:

Vendor: HP
Status: Openvms
Vendor: CVE Published:; 12 July 2007

Summary

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 lacks essential logging features. Specifically, it fails to record the source IP address and attempted username during login attempts. This oversight can be exploited by remote attackers, allowing them to bypass identification and monitoring, thereby increasing the risk of unauthorized access and malicious activity.

References

http://groups.google.com/group/comp.os.vms/browse_thread/...

x_refsource_MISC

http://osvdb.org/37810

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/25882

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 12, 2007
Vulnerability Reserved
Jul 12, 2007