Vulnerabilities > CVE-2010-3264 - Credentials Management vulnerability in Novell Identity Manager 3.6.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

novell

CWE-255

NVD

Published: 2010-09-08

Updated: 2010-09-09

Summary

The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Identity Manager 3.6.1	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://secunia.com/advisories/41194
http://www.novell.com/support/viewContent.do?externalId=7006705
http://www.vupen.com/english/advisories/2010/2226