CVE-2006-5303

Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERSWebTomcatusercenterWEB-INFlogin.conf and (2) plaintext data in SERVERSSharedsigners.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Score2.1
Access VectorLOCAL
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE
Published2006-10-17 11:07:00.000-04
Last Modified2017-07-19 09:33:40.000-04

Vulnerable Software List

VendorProductVersions
Securecomputing Safeword Remoteaccess 2.1

References

SourceLink
BID20509
XFsafeword-login-signer-information-disclosure(29515)