Insecure Storage of Credentials in SnortCenter 0.9.5

Insecure Storage of Credentials in SnortCenter 0.9.5

CVE-2002-1970 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.

Learn more about our Cis Benchmark Audit For Server Software.