Vulnerabilities > CVE-2000-0572 - Unspecified vulnerability in Visible Systems Razor 4.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN visible-systems
exploit available
Summary
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Visible Systems Razor 4.1 Password File Vulnerability (1). CVE-2000-0572 . Local exploit for unix platform id EDB-ID:20056 last seen 2016-02-02 modified 2000-06-16 published 2000-06-16 reporter pbw source https://www.exploit-db.com/download/20056/ title Visible Systems Razor 4.1 Password File Vulnerability 1 description Visible Systems Razor 4.1 Password File Vulnerability (2). CVE-2000-0572 . Local exploit for unix platform id EDB-ID:20058 last seen 2016-02-02 modified 2000-06-15 published 2000-06-15 reporter Shawn A. Clifford source https://www.exploit-db.com/download/20058/ title Visible Systems Razor 4.1 Password File Vulnerability 2
Statements
contributor | Al Menendez |
lastmodified | 2007-02-22 |
organization | Razor |
statement | Subsequent releases of Razor address this issue and utilize a more robust encryption mechanism for the Razor password. If you are under maintenance, you have the option of upgrading to a more recent release of Razor at no cost. If you are not under maintenance and want to upgrade then you will need to contact Jennifer Stone at [email protected]. Some additional notes ... - With version 4.1 and above, administrators of Razor may switch and use the local OS authentication instead of Razor’s authentication method. - OS permissions and protections always apply to the artifacts stored in the database. - This notice applies to users that have already logged into the supporting system. This primary means of defense is intact inspite of this particular vulnerability. - The next Razor release (due out in mid-2007) will allow remote UNIX clients to utilize SSH to authenticate the remote user. More information on this release and others may be found on the Visible Systems web site: http://www.visible.com/Products/Razor Please contact Visible Systems Corporation at 1-800-6-VISIBLE if you have additional questions. |