This security bug applies to CentraOne v5.2 customers using Centra Smart Connect patch CEN5.2-03 (released November 11, 2001) and Centra ASP customers. For both sets of customers, it only applies to users who connect to the Centra Server through a proxy server that has Basic Authentication enabled.
When the client launches, it creates a log file on the end user's local PC. If the user is connecting through a proxy server with Basic Authentication enabled, the log file contains information about the proxy server, including a base64-encoded username/password string. An individual with physical access to the log files on the end user's client PC could use this information to launch an impersonation attack.
Credit:
The information has been provided by JClark.
Presentation of the vulnerability:
Below is a list of steps you can take to avoid this problem. Please contact Centra Customer Support for more details.
NOTE: Only applicable to customers using CentraOne 5.2 with Patch CEN5.2-03 and Centra ASP services.
- Upgrade to CentraOne 5.3 General Availability, which is not susceptible to this problem and is available from Centra today.
- Install the patch designed to address this, which will be available for download from the Centra customer support web site on or before Friday, January 4.
- Centra will be adding a patch to the Centra eMeeting ASP service to address this bug.
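
Until a fix is installed, existing client log files can be audited for the base64-encoded Basic Authentication string described above. The following is an added example, not Centra code: it finds tokens that decode to a `user:password` pair, reports only the username, and returns redacted lines. The advisory does not give the log format, so the sample lines, host name and credentials are constructed assumptions.

```python
import base64
import binascii
import re

# Matches a Basic credential token as it would appear in a logged proxy header.
# The surrounding log layout is an assumption; the advisory does not show it.
BASIC_RE = re.compile(r"\bBasic\s+([A-Za-z0-9+/]{4,}={0,2})")

def _decode_user(token):
    """Return the username if token decodes to 'user:password', else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, _password = text.partition(":")
    return user if sep and user else None

def audit_log(lines):
    """Return (findings, redacted_lines); findings are (line_no, username)."""
    findings, redacted = [], []
    for no, line in enumerate(lines, 1):
        def repl(match, no=no):
            user = _decode_user(match.group(1))
            if user is None:
                return match.group(0)  # not a credential, leave untouched
            findings.append((no, user))
            return "Basic [REDACTED]"
        redacted.append(BASIC_RE.sub(repl, line))
    return findings, redacted

# Constructed sample input (not taken from a real Centra log).
SAMPLE_TOKEN = base64.b64encode(b"jdoe:example-password").decode()
SAMPLE_LOG = [
    "2001-12-20 09:14:02 client start",
    "2001-12-20 09:14:03 proxy=proxy.example.test:8080 "
    "Proxy-Authorization: Basic " + SAMPLE_TOKEN,
    "2001-12-20 09:14:04 Basic settings loaded",
]

if __name__ == "__main__":
    found, cleaned = audit_log(SAMPLE_LOG)
    for line_no, user in found:
        print(f"line {line_no}: proxy credential for user {user!r}")
    print("\n".join(cleaned))
```

Any account reported this way should have its proxy password changed, since base64 is an encoding and offers no confidentiality.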