Vulnerabilities > CVE-2005-2962 - Unspecified vulnerability in Ntlmaps
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-830.NASL |
| description | Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorisation proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 19799 |
| published | 2005-10-05 |
| reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/19799 |
| title | Debian DSA-830-1 : ntlmaps - wrong permissions |