COMMAND

	BindView NetInventory & NetRC  may  be  fooled  to  reveal  auditing
	password

SYSTEMS AFFECTED

	NetInventory and NetRC as of 25 January 2002

PROBLEM

	Barker Brent of ViaSat [http://www.viasat.com] posted :
	

	Local users can delete their HOSTCFG._NI file and then  force  an  audit
	from the  netlogon  directory.  During  the  audit  the  HOSTCFG._NI  is
	rewritten as HOSTCFG.INI which is in  clear  text  until  the  audit  is
	complete.
	

	Each machine on  the  network  configured  with  that  password  can  be
	accessed remotely.

SOLUTION

	 Update (14 February 2002)

	 ======

	

	A fix has been available for this issue at:
	

	ftp://ftp.bindview.com/Products/NETrc/NETinventory_NETrc_HotFix.zip