Novell Modular Authentication Service Challenge Response Client Discloses Clipboard Contents to Local Users
|
|
SecurityTracker Alert ID: 1019304 |
|
SecurityTracker URL: http://securitytracker.com/id/1019304
|
|
CVE Reference:
CVE-2008-0663
(Links to External Site)
|
Updated: Feb 17 2008
|
Original Entry Date: Feb 5 2008
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): Challenge Response Client 2.7.5, and prior versions
|
Description:
A vulnerability was reported in the Novell Modular Authentication Service Challenge Response Client. A local user can obtain the clipboard contents on a locked system.
A local user can paste the contents of the clipboard into the "Challenge Question" field on a locked system.
|
Impact:
A local user can obtain the clipboard contents on a locked system.
|
Solution:
The vendor has issued a fix (Challenge Response Client 2.7.6 FTF).
The Novell advisory is available at:
https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html
|
Vendor URL: secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (2003), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 5 Feb 2008 10:44:03 -0500
Subject: Novell Challenge Response Client - Novell Modular Authentication Services
|
https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html
|
|
