Vulnerabilities > CVE-2000-0572 - Unspecified vulnerability in Visible Systems Razor 4.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
visible-systems
exploit available
NVD
Published: 2000-07-05
Updated: 2023-11-07

Summary

The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Visible_Systems
1

Exploit-Db

  • descriptionVisible Systems Razor 4.1 Password File Vulnerability (1). CVE-2000-0572 . Local exploit for unix platform
    idEDB-ID:20056
    last seen2016-02-02
    modified2000-06-16
    published2000-06-16
    reporterpbw
    sourcehttps://www.exploit-db.com/download/20056/
    titleVisible Systems Razor 4.1 Password File Vulnerability 1
  • descriptionVisible Systems Razor 4.1 Password File Vulnerability (2). CVE-2000-0572 . Local exploit for unix platform
    idEDB-ID:20058
    last seen2016-02-02
    modified2000-06-15
    published2000-06-15
    reporterShawn A. Clifford
    sourcehttps://www.exploit-db.com/download/20058/
    titleVisible Systems Razor 4.1 Password File Vulnerability 2

Statements

contributorAl Menendez
lastmodified2007-02-22
organizationRazor
statementSubsequent releases of Razor address this issue and utilize a more robust encryption mechanism for the Razor password. If you are under maintenance, you have the option of upgrading to a more recent release of Razor at no cost. If you are not under maintenance and want to upgrade then you will need to contact Jennifer Stone at [email protected]. Some additional notes ... - With version 4.1 and above, administrators of Razor may switch and use the local OS authentication instead of Razor’s authentication method. - OS permissions and protections always apply to the artifacts stored in the database. - This notice applies to users that have already logged into the supporting system. This primary means of defense is intact inspite of this particular vulnerability. - The next Razor release (due out in mid-2007) will allow remote UNIX clients to utilize SSH to authenticate the remote user. More information on this release and others may be found on the Visible Systems web site: http://www.visible.com/Products/Razor Please contact Visible Systems Corporation at 1-800-6-VISIBLE if you have additional questions.

References