SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#139139

Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext

Overview

Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext.

I. Description

AMLServer for windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user authentication system that stores usernames and passwords in a plaintext file.

II. Impact

If an attacker can view the AMLServer password file (through direct access or another vulnerability), they can login as any AMLServer user.

III. Solution

Apply a patch when one is available. The CERT/CC is currently unaware of a practical solution to this problem.

None.

Systems Affected

VendorStatusDate NotifiedDate Updated
Internet Software SolutionsVulnerable25-Oct-2001

References

http://www.securityfocus.com/bid/2882

Credit

Thanks to SNS Research for discovering this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

Date Public:2001-06-18
Date First Published:2001-10-25
Date Last Updated:2001-10-25
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:0.07
Document Revision:9

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2001 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader