VULHUB ™

It has been reported that EnGarde WebTool is vulnerable to a password disclosure issue that may allow a local attacker to harvest user passwords. The problem occurs as user authentication credentials are stored in /var/log/userpass.log file. An attacker with root privileges or read access to this file may harvest sensitive user authentication information. Successful exploitation of this issue may allow an attacker to steal authentication information. This information could be used to launch further attacks.

It has been reported that EnGarde WebTool is vulnerable to a password disclosure issue that may allow a local attacker to harvest user passwords. The problem occurs as user authentication credentials are stored in /var/log/userpass.log file. An attacker with root privileges or read access to this file may harvest sensitive user authentication information. Successful exploitation of this issue may allow an attacker to steal authentication information. This information could be used to launch further attacks.