iPlanet Calendar Server Plaintext Admin Password Vulnerability

iPlanet Calendar Server Plaintext Admin Password Vulnerability

iPlanet's Calendar Server provides enterprise-wide calendar/planner sharing services.

Versions of Calendar Server store the username and password for the NAS LDAP database's adminstration account in a file which can be read by arbitrary users.

The NAS LDAP database stores sensitive systsem information such as userids, passwords, access control lists and authentication certificates.

If obtained by a malicious user, this data could be used to effect a wide array of compromises of the host.