Bugtraq mailing list archives
Re: cleartext passwords in Remedy processes' cores
From: jmurphy () cnu acsu buffalo edu (Joel Murphy)
Date: Fri, 15 Nov 1996 21:09:40 -0500
The security hole in Remedy's product is that a core dump of either the user processes (i.e. aruser, notifier) shows the user's password in clear text.
Anyone who is an administrator in Remedy can fetch any password in plain text from the server with a trivial program using the ARS API. It also has an annoying feature where the client tool by default saves your password to a file in a form that it knows how to decrypt. Don't use passwords from other systems in Remedy...
Joel Murphy
Current thread:
- cleartext passwords in Remedy processes' cores Peter A. Grina (Nov 13)
- Re: cleartext passwords in Remedy processes' cores Joel Murphy (Nov 15)