Bugtraq mailing list archives

Re: Password issue in Axent ESM 5.0.1 Console

From: htoomey () AXENT COM (Harold Toomey)
Date: Fri, 14 Jan 2000 21:01:48 -0500


Todd Hathaway wrote:

Axent's latest release of its ESM product was redesigned and supposedly
revamped around it's new "Management Console".  The new management console
is based on an underlying Access Database.  The console is password
protected each time the application is launched.  However, when the user
wants to change the console password, the next time the application is
launched the database is inaccessible because the code does not update the
password on the database file.  It is reported that contact of Axent
resulted in being told to launch the MS Access DB file and disable

password

checking.


AXENT would like to clarify that this issue:
1) Does not compromise the security of ESM
2) Does not involve the underlying Access Database
3) Poses an inconvenience
4) Has a simple work-around

AXENT will have a fix available shortly, removing the inconvenience.

The Problem:
============
When changing the ESM console password, previously saved manager passwords
will become invalid.  This results in the error message "Error retrieving
<Domains/Policies/Policy Runs/Templates>: ! Invalid password" when
attempting to log into an ESM manager if you use the "Save name and
password" option in the manager login dialog.

The Work-Around:
================
1.  Log into the ESM console with the new password.

2.  Choose the "Connect as..." command from the pop-up menu by right
clicking on the ESM manager from which you received the above error.

3.  Enter the manager username and password in the manager login dialog that
is displayed, and check the "Save name and password" option.

4.  Repeat steps 2 and 3 for each ESM manager for which you want to save the
password.

5.  From this point on, the ESM console will operate normally.

The above issue does not compromise the security of the ESM manager or
console.  Only authenticated users can access ESM.  Please contact your
AXENT support representative if you have additional questions.

Harold Toomey
Technical Product Manager
AXENT Technologies, Inc.
htoomey () axent com

Current thread:

Re: Password issue in Axent ESM 5.0.1 Console Harold Toomey (Jan 14)
- <Possible follow-ups>
- Re: Password Issue in Axent ESM 5.0.1 Console Todd Hathaway (Jan 16)