DBTools DBManager catalog.mdb Plaintext Local Credential Disclosure

low Nessus Plugin ID 11616

Synopsis

The database manager on the remote host has an information disclosure vulnerability.

Description

The remote host is running DBManager from DBTool - a GUI to manage MySQL and PostgreSQL databases.

This program stores the passwords and IP addresses of the managed databases in an unencrypted file. A local attacker could use the data in this file to log into the managed databases and execute arbitrary SQL queries.

Solution

There is no solution at this time.

See Also

https://seclists.org/bugtraq/2003/Mar/118

Plugin Details

Severity: Low

ID: 11616

File Name: dbtools_dbmanager_pwd.nasl

Version: 1.19

Type: local

Family: Databases

Published: 5/10/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: x-cpe:/a:dbtools:dbmanager

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7040