Vulnerabilities > CVE-2009-2358 - Credentials Management vulnerability in Yasinkaplan Tekradius 3.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
description | CVE(CAN) ID: CVE-2009-2357,CVE-2009-2358,CVE-2009-2359 TekRadius是一个免费的RADIUS服务器,可以支持RFC 2865和RFC 2866规范。 1) TekRADIUS的默认配置使用sa账号与Microsoft SQL Server通讯,远程攻击者可以相对较容易的获得对数据库的特权访问。 2) TekRADIUS将数据库凭据存储在了C:\Program Files\TekRADIUS\TekRADIUS.ini文件中。任何Windows本地用户都可以访问这个文件,读取加密了的凭据。 3) 可通过GUI或命令行客户端管理TekRADIUS。根据设计,非特权Windows用户仅有有限的功能以防范某些更改。但如果用户在对话框或命令行中提及了恶意参数请求,就可以通过SQL注入攻击对数据库执行非授权操作。 Yasin KAPLAN TekRADIUS 3.0 厂商补丁: Yasin KAPLAN ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.tekradius.com/ |
id | SSV:11784 |
last seen | 2017-11-19 |
modified | 2009-07-10 |
published | 2009-07-10 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-11784 |
title | TekRADIUS SQL注入及不安全权限漏洞 |