OSVDB ID: 86410

Title: Novell ZENworks Asset Management rtrlet Component Multiple Method Hardcoded Credentials Information Disclosure

Info

Disclosure

Oct 15, 2012

Discovery

Aug 09, 2012

Dates

Exploit

Oct 15, 2012

Solution

Unknown

Description

Novell ZENworks Asset Management contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the HandleMaintenanceCalls, GetFile_Password, and GetConfigInfo methods containing hardcoded credentials. This may allow a remote attacker to gain access to any file on the system via the GetFile_Password method, and gain access to the ZENworks Asset Management configuration parameters as well as the back-end system credentials via the GetConfigInfo_Password method.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Novell, Inc.

ZENWorks Asset Management

7.5

References

Security Tracker: 1027682
CVE ID: 2012-4933 (see also: NVD)
CERT VU: 332412
Secunia Advisory ID: 50967
Other Advisory URL: https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86410