Sensitive Information Disclosure in BindView NetInventory 1.0 and NetRC 1.0

Sensitive Information Disclosure in BindView NetInventory 1.0 and NetRC 1.0

CVE-2002-1676 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.

Learn more about our User Device Pen Test.