>> BEA Tuxedo Multiple Command Application and User Password Disclosure Vulnerability
Title : BEA Tuxedo Multiple Command Application and User Password Disclosure Vulnerability VUPEN ID : VUPEN/ADV-2007-1813 CVE ID : CVE-2007-5576
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2007-05-15
Technical Description
A vulnerability has been identified in BEA Tuxedo, which could be exploited by malicious users to gain knowledge of sensitive information. This issue is caused by errors in the "cnsbind", "cnsunbind" and "cnsls" commands that echo in clear text the password supplied by the user running these commands, which could be exploited by local attackers to obtain the password and use it later to impersonate the user and access a vulnerable application.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
