Novell ZENworks Asset Management contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the HandleMaintenanceCalls, GetFile_Password, and GetConfigInfo methods containing hardcoded credentials. This may allow a remote attacker to gain access to any file on the system via the GetFile_Password method, and gain access to the ZENworks Asset Management configuration parameters as well as the back-end system credentials via the GetConfigInfo_Password method.
Remote / Network Access
Loss of Confidentiality
OSVDB is not aware of a solution for this vulnerability.