- Description
- NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:modular_authentication_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FAD831F-024A-4762-BA06-8CCFAE6B4510",
"versionEndIncluding": "3.1.2"
}
],
"operator": "OR"
}
]
}
]