Novell GroupWise Lets Remote Users Conduct Man-in-the-Middle Attacks to Obtain Authentication Credentials
|
|
SecurityTracker Alert ID: 1018180 |
|
SecurityTracker URL: http://securitytracker.com/id/1018180
|
|
CVE Reference:
CVE-2007-2513
(Links to External Site)
|
Date: Jun 1 2007
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.5, 7
|
Description:
A vulnerability was reported in Novell GroupWise. A remote user can conduct man-in-the-middle attacks.
A remote user can exploit a vulnerability to intercept authentication credentials by conducting a man-in-the-middle attack.
Both clients and servers are affected.
Andreas Schmidt, cirosec GmbH discovered this vulnerability.
|
Impact:
A remote user can conduct man-in-the-middle attacks to obtain authentication credentials.
|
Solution:
The vendor has issued fixed versions (7 SP2 dated May 24, 2007 or later, 6.5 post-SP6 dated May 22, 2007 or later).
The Novell advisory is available at:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382383&sliceId=SAL_Public
|
Vendor URL: www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382383&sliceId=SAL_Public (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 31 May 2007 22:18:05 -0400
Subject: Novell GroupWise
|
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382383&sliceId=SAL_Public
CVE-2007-2513
|
|
