During installation of BackOffice 4.0, a file called reboot.ini is created and stored in the \Program Files\Microsoft BackOffice directory. This file contains clear-text usernames and passwords for several services that may be created during installation. These services include SQL Executive Logon, Exchange Services, and MTS Remote Administration (and potentially others). The ACL on this file is set to Everyone:Full Control.
Clear-text usernames and passwords are stored in the \Program Files\Microsoft BackOffice\Reboot.ini file.
BackOffice Server reboot.ini Cleartext Password Storage
Loss of Confidentiality
Currently, there are no known upgrades or patches to correct this vulnerability. As a temporary workaround, delete the file \Program Files\Microsoft BackOffice\Reboot.ini after installation.
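
The following audit helper is an added example, not part of the original advisory or of any Microsoft tooling. It checks for the leftover file, reports whether Everyone holds Full Control on it, and optionally applies the delete workaround. The function name `Test-BackOfficeRebootIni` and its parameters are hypothetical, and it assumes PowerShell 3.0 or later is available on the host or on a system where the affected volume is mounted.

```powershell
# Added example: audit for the leftover BackOffice Reboot.ini and optionally delete it.
function Test-BackOfficeRebootIni {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: BackOffice was installed under this Program Files root.
        [string]$ProgramFiles = $env:ProgramFiles,
        # Apply the advisory's workaround (delete the file) after reporting.
        [switch]$Remove
    )

    $path = Join-Path $ProgramFiles 'Microsoft BackOffice\Reboot.ini'
    $result = [pscustomobject]@{
        Path                = $path
        Exists              = Test-Path -LiteralPath $path -PathType Leaf
        EveryoneFullControl = $false
        Removed             = $false
    }
    if (-not $result.Exists) { return $result }

    # S-1-1-0 is the well-known SID for Everyone; matching on the SID
    # avoids depending on localized account names.
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.FileSystemRights -band $full) -eq $full) {
            $result.EveryoneFullControl = $true
        }
    }

    # The file's contents are never read or printed: it holds service credentials.
    if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Delete file')) {
        Remove-Item -LiteralPath $path -Force
        $result.Removed = -not (Test-Path -LiteralPath $path)
    }
    return $result
}

# Report only; add -Remove (optionally with -WhatIf) to apply the workaround.
Test-BackOfficeRebootIni
```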