Vulnerabilities > CVE-2006-5303 - RemoteAccess Local Information Disclosure vulnerability in Securecomputing Safeword Remoteaccess 2.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

securecomputing

NVD

Published: 2006-10-17

Updated: 2017-07-20

Summary

Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Securecomputing Securecomputing Safeword Remoteaccess 2.1	1

References

http://secunia.com/advisories/22081
http://www.securityfocus.com/bid/20509
https://exchange.xforce.ibmcloud.com/vulnerabilities/29515