Cleartext Password Storage Vulnerability in Dell KACE Deployment Appliance
CVE-2011-4046

Currently unrated

Key Information:

Vendor: Dell
Status: Kace K2000 Systems Deployment Appliance
Vendor: CVE Published:; 12 November 2011

Summary

The Dell KACE K2000 System Deployment Appliance contains a security flaw where the recovery account password is stored in cleartext within a PHP script. This design vulnerability permits context-dependent attackers to access the source code of the script, leading to the potential exposure of sensitive information. Proper mitigation strategies must be employed to prevent unauthorized access to critical data stored in such an insecure manner.

References

http://www.kb.cert.org/vuls/id/135606

third-party-advisoryx_refsource_CERT-VN

http://www.kace.com/support/kb/index.php?action=artikel&i...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 12, 2011