Alchemy Remote Network Log Viewing Vulnerability

Alchemy is a Eye and Alchemy Network Monitor are both products based off the Alchemy Eye network management and server monitoring tool.

Alchemy Eye based products include an HTTP server, which is started by default. However, the web server does not set a password by default. This makes it possible for any user to connect to the web server and view log files. These log files may contain sensitive information about network structure, or other hosts on the network.

This problem makes it possible for a remote user to launch an information gathering attack, and could lead to organized attack against network resources.


 

Privacy Statement
Copyright 2010, SecurityFocus