发布时间 :2005-08-17 00:00:00
修订时间 :2016-10-17 23:28:56

[原文]grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.

[CNNVD]Novell GroupWise 明文口令泄露漏洞(CNNVD-200508-178)

        Novell GroupWise是一款跨平台协作软件。
        Novell GroupWise客户端对口令的处理上存在漏洞,攻击者可能利用此漏洞获取口令。GroupWise的grpWise.exe不能安全的处理认证凭据信息,这样本地攻击者就可以使用pmdump之类的工具临时存储进程的内存,以明文获取用户名和口令。攻击者也可能远程利用这个漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:novell:groupwise:6.5.2Novell Groupwise 6.5.2
cpe:/a:novell:groupwise:6.0Novell Groupwise 6.0
cpe:/a:novell:groupwise:6.5Novell Groupwise 6.5

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050620 Novell GroupWise Plain Text Password Vulnerability.
(UNKNOWN)  FULLDISC  20050825 NOVL-2005010098073 GroupWise Password Caching
(UNKNOWN)  BUGTRAQ  20050817 NOVL-2005010098073 GroupWise Password Caching
(UNKNOWN)  BID  13997
(UNKNOWN)  XF  groupwise-client-plaintext-password(21075)

- 漏洞信息

Novell GroupWise 明文口令泄露漏洞
中危 设计错误
2005-08-17 00:00:00 2005-10-20 00:00:00
        Novell GroupWise是一款跨平台协作软件。
        Novell GroupWise客户端对口令的处理上存在漏洞,攻击者可能利用此漏洞获取口令。GroupWise的grpWise.exe不能安全的处理认证凭据信息,这样本地攻击者就可以使用pmdump之类的工具临时存储进程的内存,以明文获取用户名和口令。攻击者也可能远程利用这个漏洞。

- 公告与补丁


- 漏洞信息 (F39460)

NOVL-2005-10098073.txt (PacketStormID:F39460)
2005-08-18 00:00:00

The GroupWise client sometimes caches the user name and password in memory while it is running. A hostile user with administrative access to the machine where a user is logged in may dump memory and find username/password pairs of logged in users. Versions below 7 are affected.

Hash: SHA1

For Immediate Disclosure

============================== Summary ==============================

 Security Alert: NOVL-2005-10098073
          Title: GroupWise Password Caching
           Date: 16-August-2005
       Revision: Original
   Product Name: GroupWise 5.x, 6.x
 OS/Platform(s): Windows and NetWare
  Reference URL:
    Vendor Name: Novell, Inc. 
     Vendor URL:
Security Alerts: 
        Affects: GroupWise Windows Clients & Proxies
    Identifiers: Bugtraq:13997, CVE:CAN-2005-2620, SECTRACK:1014247

============================ Description ============================

The GroupWise client sometimes caches the user name and password in 
memory while it is running.

============================== Impact ===============================

A hostile user with administrative access to the machine where a user 
is logged in may dump memory and find username/password pairs of 
logged in users.

======================== Recommended Actions ========================
GW 7 was released with these fixes already applied, so no further
action is required for GroupWise 7 users.

Until the official release of GroupWise 6.5 SP5 in mid-September, 
customers wishing to apply Field Test Files (FTF) can download these 
from  and locate the latest 
GroupWise Agents and GroupWise Client FTFs.  Currently as of 
August 16, 2005 the filenames are fgw655h.exe for Agents and 
f32655f7e.exe for GW Client.  Both, FTFs will need to be applied 
to get the full fix. 

See detailed instructions in the referenced Technical Information 
Document (TID): 

============================ DISCLAIMER =============================

The content of this document is believed to be accurate at the time 
of publishing based on currently available information. However, the 
information is provided "AS IS" without any warranty or 
representation. Your use of the document constitutes acceptance of 
this disclaimer. Novell disclaims all warranties, express or 
implied, regarding this document, including the warranties of 
merchantability and fitness for a particular purpose. Novell is not 
liable for any direct, indirect, or consequential loss or damage 
arising from use of, or reliance on, this document or any security 
alert, even if Novell has been advised of the possibility of such 
damages and even if such damages are foreseeable.

============================ Appendices =============================


================ Contacting Novell Security Alerts ==================

To report suspected security vulnerabilities in Novell products, 
send email to

PGP users may send signed/encrypted information to us using our 
PGP key, available from the our website at: 


Novell Security Alerts, Novell, Inc. PGP Key Fingerprint:

3C6B 3F26 4E34 1ADF E27B D6C4 1AC8 9184 34D1 9739

========================= Revision History ==========================
       Original: 16-Aug-2005 - Original Publication

Version: GnuPG v1.2.4 (GNU/Linux)



- 漏洞信息

Novell GroupWise grpWise.exe Cleartext Password Disclosure
Local Access Required Cryptographic, Information Disclosure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Novell GroupWise contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the 'grpWise.exe' process stores the user's e-mail password in memory in clear text, which can be used by a local attacker to obtain a target user's e-mail password resulting in a loss of confidentiality.

- 时间线

2005-06-20 2005-03-30
Unknow Unknow

- 解决方案

Upgrade to version 6.5 SP5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Novell GroupWise GrpWise.EXE Authentication Credentials Persistence Weakness
Design Error 13997
No Yes
2005-06-20 12:00:00 2009-07-12 04:06:00
Discovery of this issue is credited to "Security Team" <>.

- 受影响的程序版本

Novell Groupwise 6.5.4
Novell Groupwise 6.5.2
Novell Groupwise 6.5 SP2
Novell Groupwise 6.5 SP1
Novell Groupwise 6.5
Novell Groupwise 6.0 SP4
Novell Groupwise 6.0 SP3
Novell Groupwise 6.0 SP2
Novell Groupwise 6.0 SP1
Novell Groupwise 6.0
Novell Groupwise 5.5
- Novell Netware 5.0
- Novell Netware 4.11
Novell Groupwise 5.2
- Novell Netware 5.0
- Novell Netware 4.11
DameWare Development NT Utilities 4.9
DameWare Development NT Utilities 4.8
DameWare Development NT Utilities 3.0
Novell Groupwise 7.0

- 不受影响的程序版本

Novell Groupwise 7.0

- 漏洞讨论

A problem with Novell GroupWise may allow the recovery of sensitive information.

Novell GroupWise 'grpWise.exe' does not safely handle authentication credential information. As a result, a local user may be able to recover authentication passwords.

- 漏洞利用

No exploit is required.

- 解决方案

Novell reports that this issue will be addressed in GroupWise 6.5 SP5. There are also field test files available to address this issue. Please see the referenced Novell TID for instructions on obtaining these test files.

Novell security advisory NOVL-2005-10098073 is available. Novell GroupWise 7 is not vulnerable to this issue. Please see the referenced advisory for further information.

- 相关参考