Local File Information Disclosure in Novell Identity Manager Client Login Extension
CVE-2007-4526

Currently unrated

Key Information:

Vendor: Novell
Status: Client Login Extension \(cle\); Identity Manager
Vendor: CVE Published:; 25 August 2007

What is CVE-2007-4526?

The Client Login Extension in Novell Identity Manager versions prior to 3.5.1 exposes sensitive user credentials by storing them unprotected in a local file. This design flaw enables local users to access these credentials through file reading, possibly leading to unauthorized access or further exploitation of the affected system. Organizations utilizing this software should assess their security measures and consider upgrading to secure versions to mitigate this risk.

References

https://secure-support.novell.com/KanisaPlatform/Publishi...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/2957

vdb-entryx_refsource_VUPEN

http://osvdb.org/37320

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2007
Vulnerability Reserved
Aug 24, 2007

JSON