TUCoPS :: Networks :: Wireless :: bt780.txt

Novell GroupWise 6.5 Clear Text Vulnerability

Novacoast Security Advisory
Novell GroupWise 6.5 Vulnerability

Novacoast has discovered a vulnerability in the Novell GroupWise 6.5 =
Wireless Webaccess logging functionality. The software exposes all =
username and passwords within the log file in clear text.  This information=
 could be used to impersonate other users and allow unauthorized access to =
mail or network resources.

A key component of the Novell Nterprise* family of one Net solutions, =
Novell=AE GroupWise=AE 6.5 is a cross-platform collaboration product that =
enables you to work smarter alone and with others over any type of =
network*wired to wireless, including the Internet. In addition to =
integrated e-mail and scheduling services, GroupWise offers task-, =
contact- and document-management services that increase productivity. =
GroupWise also delivers secure instant messaging, tools that help you =
manage daily activities more efficiently and extensive mobile-access =
capabilities. In a nutshell, this innovative, open standards-based =
approach to collaboration services provides security, control and mobility =
while increasing user productivity and reducing the cost of managing and =
maintaining your organization's essential communication and collaboration =

Affected Version:
Novell GroupWise 6.5 Webaccess
Novell GroupWise Wireless Web Access
Novell Linux/Mac Beta Client
NetWare 5/6
Apache 1.3.x

None required
Open sys:\apache\logs\access_log
Passwords are listed as part of the url. the are preceded with username=3D*=

Recommended Solution:
Upgrade to Novell GroupWise 6.5 sp1

This bug has been submitted to, acknowledged by, and a fix has been =
created and included with the latest service pack for Novell GroupWise =
6.5. It can be downloaded from:

Additional information can be found at the following location:

Novacoast accepts no liability or responsibility for the=20
content of this report, or for the consequences of any=20
actions taken on the basis of the information provided=20
within. Dissemination of this information is granted=20
provided it is presented in its entirety. Modifications=20
may not be made without the explicit permission of

Adam Gray
Novacoast, Inc.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH