Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

NessusWX stores credentials in plain text
From: ~Kevin Davis³ <computerguy () cfl rr com>
Date: Sat, 27 Mar 2004 00:02:46 -0500

Software Vendor: NessusWX (nessuswx.nessus.org)
Software Package: NessusWX 
Versions Affected: 1.4.4 and possibly earlier versions
Synopsis: Username and password for various accounts stored in unencrypted plain text

Issue Date: Feb 22, 2004

Vendor Response: Vendor notified December 4, 2003
   Vendor claiming to be working on issue 

================================================================================

1. Summary

NesussWX is a GPL Windows client for the open source Nessus Vulnerability scanner.  
NessusWX stores the credentials of various types of accounts in unencrypted plain 
text in a configuration file. 

2. Problem Description

The user saves specific scan configuration settings in sessions created within
NessusWX.  For every session a directory is created named the same as the
session name with a .session appended to it.  For instance in the case of a
session named MySession, the default location for the session configuration
files would be in the directory C:\NessusDB\MySession.session.  Every session
can save unique Nessus plugin configuration settings.  Among these are
username/password settings for various types of accounts.  These options are 
accessed by selecting a session, and then in the main menu under "Session" selecting 
the "Properties" submenu.  This will display a multi-tabbed dialog.  Select the 
"Plugins" tab and then click on the "Configure Plugins" button.  A listbox will 
be displayed and near the bottom of the list there will be an item named "Login 
Configurations".  When the user saves this logon information, both the usernames 
and passwords are saved in plaintext in the above specified path in a file named 
preferences.  Further,after this information is saved to the file, if the user goes 
back and removes this information using the GUI, the user interface indicates that 
the information has been removed but this is misleading because it is still
retained in the configuration file.  This behavior is somewhat inconsistent.
Sometimes the entire username/password data is retained in the file and
sometimes the first character of each is removed.  When setting these parameters, 
the user is also not informed of this sensitive information being stored 
insecurely.  This potentially affects the following types of accounts:

FTP
IMAP
POP2
POP3
NNTP
SNMP
SMB (Windows NT Domain)

3. Solution

None at this time.  The vendor agreed to fix the problem by allowing the user to 
password protect the data and also have the data removed properly.  It has been 
over 60 days and the patch has not been made available. 


  By Date           By Thread  

Current thread:
  • NessusWX stores credentials in plain text ~Kevin Davis³ (Mar 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]