search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection

Vulnerability Note VU#746251

Original Release Date: 2002-08-22 | Last Revised: 2002-08-22

Overview

Novell Netware RCONAG6 allows users to gain access to the server without a password.

Description

Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password for authentication. For further details, please see the Novell Advisory.

Impact

A remote user can gain access to the Novell host.

Solution

Apply a patch.

Vendor Information

746251
 
Expand all

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

http://support.novell.com/servlet/tidfinder/2963349

Acknowledgements

Thanks to Ed Reed for reporting this vulnerability.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2002-1413
Severity Metric: 13.50
Date Public: 2002-08-21
Date First Published: 2002-08-22
Date Last Updated: 2002-08-22 14:05 UTC
Document Revision: 4

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis