Vulnerability Description
BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bindview | Netinventory | 1.0 |
| Bindview | Netrc | 1.0 |
References
- http://online.securityfocus.com/archive/1/252293
- http://online.securityfocus.com/archive/1/256056
- http://www.securityfocus.com/bid/3957Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7992
- http://online.securityfocus.com/archive/1/252293
- http://online.securityfocus.com/archive/1/256056
- http://www.securityfocus.com/bid/3957Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7992
FAQ
What is CVE-2002-1676?
CVE-2002-1676 is a vulnerability with a CVSS score of 2.1 (LOW). BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI ...
How severe is CVE-2002-1676?
CVE-2002-1676 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1676?
Check the references section above for vendor advisories and patch information. Affected products include: Bindview Netinventory, Bindview Netrc.