Skip to main content

Light shed on Novell's darkest security secret

posted onDecember 5, 2001
by hitbsecnews

Source: The Register

Novell users are finally able to find out why they needed to apply a patch to fix a GroupWise security problem deemed so serious the firm decided to keep it secret.

Back in August, Novell sent an email to GroupWise 5.5 Enhancement Pack and GroupWise 6 users asking them to apply the Padlock Fix patch to their servers immediately. It wouldn't tell anybody why it's needed, lest hackers exploit the problem on unpatched systems. There was also a patch for client machines, but this was less critical...

Users were left to wonder why the server patch was needed or had to trust Novell that applying it wouldn't mess with their environment. Novell simply warned users about an unstated risk and urged them in the strongest terms to apply a patch

Three months on, Novell believes the vast majority of its clients have applied the patch and has (quietly) posted a security update on its Web site.

The Padlock Fix, it can now be revealed, closes up a security flaw which might allow usernames and passwords to be sniffed if a hacker manages to put a protocol analyser between a GroupWise server and client. With the username and password in tow, a cracker can easily enter a user's mailbox.

Source

Tags

Networking

You May Also Like

Recent News

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th

Wednesday, June 5th