• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Nortel Contivity VPN Client Local Password Disclosure Weakness

Nortel Contivity VPN Client for Microsoft Windows platforms is reported prone to a local pre-shared key (password) disclosure weakness. It is reported that the VPN user and group password is stored in the memory image of the process in plain-text format.

Credentials that are harvested through the exploitation of this weakness may then be used to aid in further attacks.

This weakness is reported to affect Nortel Contivity VPN Client version 5.01 for Microsoft Windows, versions for the Linux platform are not reported to be vulnerable. Other versions might also be affected.