VULHUB ™

Caldera has reported that Volution Manager 1.1 stores the Directory Administrator password in cleartext in the '/etc/ldap/sldap.conf' configuration file. While Volution Manager supports encrypted passwords, they are not enabled by default. It should be noted that '/etc/ldap/sldap.conf' is not world-readable. The attacker may exploit another vulnerability to obtain the file contents.

Caldera has reported that Volution Manager 1.1 stores the Directory Administrator password in cleartext in the '/etc/ldap/sldap.conf' configuration file. While Volution Manager supports encrypted passwords, they are not enabled by default. It should be noted that '/etc/ldap/sldap.conf' is not world-readable. The attacker may exploit another vulnerability to obtain the file contents.