Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: General :: web4959.htm

CentraOne stores usernames/passwords on client side log file



28th Dec 2001 [SBWID-4959]
COMMAND

	CentraOne stores usernames/passwords on client side log file

SYSTEMS AFFECTED

	 CentraOne v5.2 using Centra Smart Connect patch CEN5.2-03 (released November 11, 2001)

	 Centra ASP

PROBLEM

	In Centra Customer Support Team advisory :
	

	--snip--
	

	When the client launches, a log file  is  created  on  the  end  user\'s
	local PC. If the user is connecting through a proxy  server  with  Basic
	Authentication enabled, the log  file  contains  information  about  the
	proxy server including a base64  encoded  username  /  password  string.
	This information could be used to launch an impersonation attack  by  an
	individual who has physical access to the log files on the  end  user\'s
	client PC.
	

	--snap--

SOLUTION

	-  Upgrade  to  CentraOne  5.3  General  Availability,  which   is   not
	susceptible to this problem and is available from Centra today.
	

	- Install the patch designed to address this, which  will  be  available
	for download from the Centra customer support  web  site  on  or  before
	Friday, January 4.
	

	- Centra will be adding a patch to the Centra eMeeting  ASP  service  to
	address this bug.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH