Full Disclosure mailing list archives
Installation Security Issue for DATEV IDVS
From: <t4rku5 () hushmail com>
Date: Fri, 31 Oct 2003 05:21:23 -0800
Topic: Installation Security Issue for DATEV IDVS Release Date: 2003-10-31 Affected Software: ================== - Eigenorganisation comfort (IDVS) - Eigenorganisation classic (IDVS) Unaffected Software: ==================== - none known Summary: ======== DATEV eG is a German Company, which makes Software for tax advisors and lawyers. During installation/Update of IDVS,sensitive database administrator logon information may be captured in the installation log file. Issue: ====== The installation program for IDVS records installation/update data into a log file for troubleshooting purposes related to product installation. This file generally contains basic information about installation/update options and installation/update processes. User name and password information related to the data base account are captured in the log file. The user name and password is used to connect to the database. Workaround: =========== Remove the installation log files after successfully installing/updating Eigenorganisation (IDVS). The IDVS installation log files (file names <LW:>\DATEV\LOG\IDVS\SRV\PostRep*.log | PostUpd*.log | PreRep*.log | PreUpd*.log) is located in the DATEV log directory. The administrator should delete this file once installation has completed This file may be deleted using Windows Explorer or may be deleted by starting a Command Prompt and typing the following command: del <LW:>\DATEV\LOG\IDVS\SRV\Post*.log del <LW:>\DATEV\LOG\IDVS\SRV\Pre*.log Credits: ======== Discovered by t4rku5 Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Installation Security Issue for DATEV IDVS t4rku5 (Oct 31)