The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file.
CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Developers may insert sensitive information that they do not believe, or they might forget to remove the sensitive information after it has been processed Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party This term is frequently used in vulnerability advisories to describe a consequence or technical impact, for any vulnerability that has a loss of confidentiality. Often, CWE-200 can be misused to represent the loss of confidentiality, even when the mistake - i.e., the weakness - is not directly related to the mishandling of the information itself, such as an out-of-bounds read that accesses sensitive memory contents; here, the out-of-bounds read is the primary weakness, not the disclosure of the memory. In addition, this phrase is also used frequently in policies and legal documents, but it does not refer to any disclosure of security-relevant information. This is a frequently used term, however the "leak" term has multiple uses within security. In some cases it deals with the accidental exposure of information from a different weakness, but in other cases (such as "memory leak"), this deals with improper tracking of resources, which can lead to exhaustion. As a result, CWE is actively avoiding usage of the "leak" term. Enumeration of valid usernames based on inconsistent responses Account number enumeration via inconsistent responses. User enumeration via discrepancies in error messages. Telnet protocol allows servers to obtain sensitive environment information from clients. Script calls phpinfo(), revealing system configuration to web user Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs. Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness. Program reveals password in error message if attacker can trigger certain database errors. Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209). Direct request to library file in web application triggers pathname leak in error message. Malformed regexp syntax leads to information exposure in error message. Password exposed in debug information. FTP client with debug option enabled shows password to the screen. Collaboration platform does not clear team emails in a response, allowing leak of email addresses
|No known exploits|
Take a picture of your computer network in a few clicks !
The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.