Caldera Volution Manager Default Cleartext Directory Administrator Password Vulnerability

Caldera has reported that Volution Manager 1.1 stores the Directory Administrator password in cleartext in the '/etc/ldap/sldap.conf' configuration file. While Volution Manager supports encrypted passwords, they are not enabled by default.

It should be noted that '/etc/ldap/sldap.conf' is not world-readable. An attacker may exploit another vulnerability to obtain the file contents.
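The following audit check is an added example, not part of the original advisory or Caldera's own tooling. It assumes the configuration file uses the OpenLDAP `rootpw` directive for the Directory Administrator password; the sample file contents and the helper names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Hash-scheme prefixes that mark a rootpw value as hashed rather than cleartext.
HASHED_SCHEMES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")
ROOTPW_RE = re.compile(r"^rootpw\s+(.+?)\s*$", re.IGNORECASE)

# Constructed samples, not taken from a real system.
CLEARTEXT_SAMPLE = """\
# constructed sample
database ldbm
rootdn "cn=admin,o=example"
rootpw secret-example
"""
HASHED_SAMPLE = CLEARTEXT_SAMPLE.replace("secret-example", "{SSHA}placeholderhashvalue")


def audit_ldap_conf(path):
    """Return findings for one config file; the password itself is never echoed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file mode {mode:04o} is readable by group or other")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            match = ROOTPW_RE.match(line)  # commented-out lines do not match
            if not match:
                continue
            value = match.group(1).strip('"')
            if not value.upper().startswith(HASHED_SCHEMES):
                findings.append(f"line {lineno}: rootpw is stored in cleartext")
    return findings


def write_sample(text, mode):
    """Hypothetical helper: write a constructed config to a temp file."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for text, mode in ((CLEARTEXT_SAMPLE, 0o600), (HASHED_SAMPLE, 0o644)):
        print(audit_ldap_conf(write_sample(text, mode)) or "no findings")
```

On a real host, call `audit_ldap_conf` on the path named in the advisory, running with enough privilege to read the file.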


Copyright 2010, SecurityFocus