Air Messenger LAN Server (AMLServer) stores usernames and passwords in plaintext.
AMLServer for windows is a paging gateway that allows users on a TCP/IP LAN to communicate with mobile devices such as phones and pagers. Access to AMLServer's services is protected by a user authentication system that stores usernames and passwords in a plaintext file.
If an attacker can view the AMLServer password file (through direct access or another vulnerability), they can login as any AMLServer user.
Apply a patch when one is available. The CERT/CC is currently unaware of a practical solution to this problem.
Internet Software Solutions
Thanks to SNS Research for discovering this vulnerability.
This document was written by Shawn Van Ittersum.
|Date First Published:||2001-10-26|
|Date Last Updated:||2001-10-26 02:05 UTC|