• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Castelle Faxpress Plaintext Password Disclosure Vulnerability

Castelle FaxPress is an integrated solution for a network fax environment. FaxPress is a hardware and software server providing fax functionality, and is designed to integrate with Microsoft Windows, Novell NetWare, and Linux based systems.

When a network print job is submitted with an incorrect password, the FaxPress notice system is used to send an error message back to the client. This message includes the submitted username and password in plaintext, possibly leading to the disclosure of sensitive information.