[原文]PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
Novell NetWare abend.log User Credentials Disclosure
Local Access Required
Loss of Confidentiality
Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when PORTAL.NLM function groupOperationsMethod() fails, which will write the username and password in cleartext to the abend.log file, resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch httpstk5.exe to address this vulnerability.