World-writable Base64 Encoded Log Files in CentraOne 5.2 and Centra ASP with Basic Authentication

World-writable Base64 Encoded Log Files in CentraOne 5.2 and Centra ASP with Basic Authentication

CVE-2001-1550 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.

Learn more about our User Device Pen Test.