ID de Prueba:	1.3.6.1.4.1.25623.1.0.902928
Categoría:	Web application abuses
Título:	Novell ZENWorks Asset Management 7.5 Hardcoded Credentials Vulnerability (HTTP)
Resumen:	Novell ZENWorks Asset Management is using hardcoded credentials; for the HTTP login.
Descripción:	Summary: Novell ZENWorks Asset Management is using hardcoded credentials for the HTTP login. Vulnerability Insight: The 'GetFile_Password()' and 'GetConfigInfo_Password()' method within the rtrlet component contains hard coded credentials and can be exploited to gain access to the configuration file and download arbitrary files by specifying an absolute path. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. Affected Software/OS: Novell ZENworks Asset Management version 7.5 is known to be affected. Solution: Apply the patch from the referenced vendor link. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4933 CERT/CC vulnerability note: VU#332412 http://www.kb.cert.org/vuls/id/332412 https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks http://www.securitytracker.com/id?1027682 XForce ISS Database: novell-zam-info-disclosure(79252) https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.