In association with heise online

27 November 2007, 12:20

A vulnerability in Sentinel Protection Server allows access to data

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in the SafeNet Sentinel Protection Server and Key Server reportedly allows access to protected information. The problem is caused by a directory traversal bug in an embedded web server. A URL of the form http://ip-adresse:6002/../../../../../../winnt/repair/sam allows a copy of a Protection Server system's Windows password file to be read remotely.

Sentinel Protection Server 7.0.0 to 7.0.4 and Sentinel Keys Server 1.0.3 are affected. The flaws have been remedied in Protection Server 7.4.1 and Keys Server 1.0.4. The vendor has published an update (ZIP file).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit