|
Ozeki HTTP-SMS Gateway Password Disclosure Security Issue
|
|
Secunia Advisory:
|
SA23339
|
|
|
Release Date:
|
2006-12-20
|
|
Last Update:
|
2006-12-22
|
|
Popularity:
|
6,338 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Ozeki HTTP-SMS Gateway 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2006-6674
|
|
Description:
basher13 has discovered a security issue in Ozeki HTTP-SMS Gateway, which can be exploited by malicious, local users to gain knowledge of sensitive information.
The problem is that usernames and passwords are stored in cleartext in the registry under "HKEY_LOCAL_MACHINE\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate", which is readable by all user accounts on the system.
The security issue is confirmed in version 1.0. Other versions may also be affected.
Solution:
Set the proper permissions on the "Ozeki" registry key.
Provided and/or discovered by:
basher13
Changelog:
2006-12-22: Added CVE reference.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
