• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

iSCSI Insecure Configuration File Permissions Information Disclosure Vulnerability

iSCSI leaves administrative credentials stored in a world-readable configuration file.

The configuration file that iSCSI uses is stored in /etc/iscsi.conf. Reportedly, this file is installed, by default, with world readable and possibly world writeable permissions enabled. This may have some potentially serious consequences as the configuration file also stores password information in plain text.