Information Exposure in Novell Identity Manager 3.6.1
CVE-2010-3264

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager
Vendor: CVE Published:; 8 September 2010

Summary

In Novell Identity Manager version 3.6.1, the engine installer improperly stores administrative tree credentials in the /tmp/idmInstall.log file. This misconfiguration allows local users to access and read the log file, potentially exposing sensitive information related to administrative credentials, which could be exploited to gain unauthorized access to sensitive areas of the system.

References

http://www.novell.com/support/viewContent.do?externalId=7...

x_refsource_CONFIRM

http://secunia.com/advisories/41194

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/2226

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 8, 2010