RE: BindView NetInventory NetRC hostcfg_ni password passed in clear text

From: Blake, Scott (SBlakeat_private)
Date: Wed Feb 13 2002 - 15:04:06 PST


    In January, a bug in NETinventory was discovered when the product is used in
    conjunction with NETrc.
    
    When using these two products, NETinventory writes a file named hostcfg._ni
    that is stored on the machine, which contains the encrypted NETrc password.
    A user can delete that file, then force a new audit from the netlogon
    directory. When this occurs, NETinventory looks for that file, and if it is
    not present, rewrites the file. During the rewrite, the file is stored as
    hostcfg.ini until the audit is completed, which means that the password is
    in clear text until the audit is completed. Although this process takes only
    a matter of seconds, requires physical access to the machine, and will only
    provide access to the NETrc proxy, it is a security flaw that BindView is
    aware of and addressing at this moment.
    
    A fix has been available since January 30th for this issue at:
    ftp://ftp.bindview.com/Products/NETrc/NETinventory_NETrc_HotFix.zip.
    
    -----
    Scott Blake
    VP, Information Security
    BindView Corporation
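
Added example, not part of the original message and not BindView's code: the staged rewrite the advisory describes (plaintext hostcfg.ini on disk until the audit finishes) next to a rewrite that encrypts in memory and publishes only ciphertext with an atomic rename. The function names, the `encrypt` callable and the `probe` hook are hypothetical; only the two file names come from the advisory.

```python
import os
import tempfile
from typing import Callable, List

Transform = Callable[[bytes], bytes]  # stand-in for the product's encryption (not described on the page)
Probe = Callable[[], None]            # hypothetical hook: runs while the intermediate file exists


def files_containing(directory: str, needle: bytes) -> List[str]:
    """Names of files in `directory` whose bytes include `needle`."""
    hits = []
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name), "rb") as fh:
            if needle in fh.read():
                hits.append(name)
    return hits


def rewrite_staged(directory: str, config: bytes, encrypt: Transform, probe: Probe) -> None:
    """Pattern from the advisory: plaintext hostcfg.ini exists until the final step."""
    staged = os.path.join(directory, "hostcfg.ini")
    with open(staged, "wb") as fh:
        fh.write(config)              # secret is readable on disk from here
    probe()
    with open(os.path.join(directory, "hostcfg._ni"), "wb") as fh:
        fh.write(encrypt(config))
    os.remove(staged)


def rewrite_atomic(directory: str, config: bytes, encrypt: Transform, probe: Probe) -> None:
    """Hardened: encrypt in memory, write ciphertext to a private temp file, rename."""
    ciphertext = encrypt(config)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix="hostcfg-", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(ciphertext)
            fh.flush()
            os.fsync(fh.fileno())     # ciphertext is durable before it is published
        probe()
        os.replace(tmp, os.path.join(directory, "hostcfg._ni"))  # atomic within one filesystem
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
```

Calling `files_containing` from the `probe` hook shows the difference: the staged rewrite exposes hostcfg.ini mid-run, while the atomic rewrite never leaves a file holding the plaintext.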
    



    This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 17:45:32 PST