Secunia
Login
|
|
|
|
|
|
|
|
|
Novell Client Challenge Response Client Clipboard Disclosure Weakness
Release Date: 2008-02-05 Last Update: 2008-02-12 Views: 7,591
Secunia Advisory SA28792
Where:
Local system
Impact:
Exposure of sensitive information,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
A weakness has been reported in the Challenge Response Client included in Novell Client, which can be exploited by malicious, local users to disclose potentially sensitive information.
The weakness is caused due to the Challenge Response Client allowing a user to paste the contents of the clipboard to the Challenge Question dialog box when the system is locked.
This may be related to:
SA20194
The weakness is reported in Challenge Response Client 2.7.5 included in Novell Client 4.91 SP4. Prior versions may also be affected.
Solution:
Update to Challenge Response Client version 2.7.6 FTF or later.
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Novell Client Challenge Response Client Clipboard Disclosure Weakness
|
No posts yet |
|
You must be logged in to post a comment. |
