SecurityTracker.com

Category:  Application (Generic)  >  Tridion R5
Vendors:  Tridion BV
Tridion R5 Content Management System May Disclose Administrator Password to Local Users
SecurityTracker Alert ID:  1006651
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Apr 28 2003
Impact:  Disclosure of authentication information
Version(s): SP2
Description:  A vulnerability was reported in the Tridion R5 content management system. A local user may be able to obtain the administrator's password.

SecurityFocus reported that the Tridion R5 content management system discloses plaintext passwords to local users. According to the report, Tridion R5 SP2 stores information in XML configuration files, including administrator passwords. A local user with the ability to view these files may be able to obtain the passwords. [Editor's note: The SecurityFocus report did not indicate what level of privilege is required to read the configuration files.]

The report credits Dev OXide <devoxide@odegard.it> with discovering this flaw, but does not indicate where the information was posted.

Impact:  A local user with the ability to view the XML configuration files may be able to obtain the administrator's password.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.tridion.com/com/product/overview.asp
Cause:  Access control error
Underlying OS:  Linux (Red Hat), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000)
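
With no vendor fix listed, an administrator can check which XML configuration files hold non-empty password fields and whether accounts other than the owner can read them. The script below is an added example, not part of the original alert or of any Tridion tooling. Assumptions: the field-name hints are hypothetical because the alert does not name the actual elements or attributes, and the exposure check uses POSIX mode bits only, so Windows ACLs need a separate review.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Name fragments treated as credential fields. Assumption: the advisory does
# not name the real Tridion elements or attributes.
SECRET_HINTS = ("password", "passwd", "pwd")

def local_name(qname):
    # Drop an XML namespace prefix of the form {uri}name.
    return qname.rsplit("}", 1)[-1]

def is_secret(qname):
    return any(hint in local_name(qname).lower() for hint in SECRET_HINTS)

def find_plaintext_secrets(path):
    """Return locations (never values) of non-empty password fields in one file."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return []  # malformed or unreadable: nothing to report
    hits = []
    for elem in root.iter():
        tag = local_name(elem.tag)
        if is_secret(tag) and (elem.text or "").strip():
            hits.append(tag)
        hits += [f"{tag}/@{local_name(a)}" for a, v in elem.attrib.items()
                 if is_secret(a) and v.strip()]
    return hits

def audit_tree(top):
    """List (path, fields, exposed) for each .xml file under top holding secrets.
    exposed is True when the mode bits grant read access to group or other."""
    findings = []
    for dirpath, _dirs, files in os.walk(top):
        for name in (f for f in files if f.lower().endswith(".xml")):
            path = os.path.join(dirpath, name)
            fields = find_plaintext_secrets(path)
            if fields:
                mode = os.stat(path).st_mode
                findings.append((path, fields, bool(mode & (stat.S_IRGRP | stat.S_IROTH))))
    return findings

if __name__ == "__main__":
    for path, fields, exposed in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'EXPOSED' if exposed else 'owner-only'}  {path}  {', '.join(fields)}")
```

The report lists field locations only, so the audit output can be shared without copying the passwords themselves.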

Message History:   None.


 Source Message Contents

Date:  Mon, 28 Apr 2003 00:05:17 -0400
Subject:  Tridion R5 vulnerability

 

http://www.tridion.com/com/product/overview.asp

Tridion BV

SecurityFocus reported that the Tridion R5 content management system discloses plaintext 
passwords to local users.  According to the report, Tridion R5 SP2 stores information in 
XML configuration files, including administrator passwords.  A local user with the ability 
to view these files may be able to obtain the passwords.

SecurityFocus credits Dev OXide <devoxide@odegard.it> with discovering this flaw, but did 
not indicate where the report was posted.


Copyright 2002, SecurityGlobal.net LLC