Netcool/NeuSecure NS account unauthorized database access

netcool-neusecure-ns-unauth-access (25270) The risk level is classified as High Risk

Description:

Netcool/NeuSecure could allow a remote attacker to bypass security restrictions and gain unauthorized access to the back-end database. The NS database account is configured to allow access from any IP address, and its credentials are stored in cleartext in the Web interface Applet parameters. A remote attacker could obtain these credentials and gain unauthorized access to the back-end database.
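
The credential exposure described above can be checked for by auditing the HTML that your own web interface serves. This is an added example, not code from the advisory or the vendor; the sample page, the parameter names and the name heuristic are constructed assumptions, because the advisory does not list the actual applet parameter names.

```python
import re
from html.parser import HTMLParser

# Heuristic (assumption): parameter names that suggest database credentials.
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|user(name)?|login|jdbc|dsn", re.I)


class AppletParamAudit(HTMLParser):
    """Flag credential-like <param> elements nested inside <applet>/<object>."""

    def __init__(self):
        super().__init__()
        self.depth = 0      # nesting depth of applet/object containers
        self.findings = []  # (line, param name); values are never stored

    def handle_starttag(self, tag, attrs):
        if tag in ("applet", "object"):
            self.depth += 1
        elif tag == "param" and self.depth:
            a = dict(attrs)
            name, value = a.get("name") or "", a.get("value") or ""
            # Only a non-empty value shipped to the browser is a leak.
            if value and SENSITIVE.search(name):
                self.findings.append((self.getpos()[0], name))

    def handle_endtag(self, tag):
        if tag in ("applet", "object") and self.depth:
            self.depth -= 1


def audit_page(html):
    """Return (line, name) for each applet parameter that looks like a credential."""
    parser = AppletParamAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; names and values are placeholders, not the product's.
SAMPLE_PAGE = """<html><body>
<param name="password" value="not-inside-an-applet">
<applet code="Console.class" width="800" height="600">
  <param name="dbHost" value="db.example.internal">
  <param name="dbUser" value="ns">
  <param name="dbPassword" value="EXAMPLE-ONLY">
  <param name="refresh" value="30">
</applet>
</body></html>"""

if __name__ == "__main__":
    for line, name in audit_page(SAMPLE_PAGE):
        print(f"line {line}: applet parameter '{name}' carries a cleartext value")
```

Any finding means the value is readable by every client that loads the page, so the account behind it should be treated as exposed.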


Consequences:

Gain Access

Remedy:

No remedy available as of July 9, 2011.

References:

  • Full-Disclosure Mailing List, Wed Mar 08 2006 - 10:21:27 CST: Remote access to NeuSecure/Netcool backend database via web interface credentials leakage.
  • Netcool/NeuSecure Web site: Micromuse : Solutions - NETCOOL/NEUSECURE - THE CENTER OF SECURITY OPERATIONS.
  • BID-17032: Micromuse Netcool/NeuSecure Website NS Account Password Disclosure Vulnerability
  • CVE-2006-1210: The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
  • CVE-2006-1211: IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.

Platforms Affected:

  • Micromuse Netcool/NeuSecure 3.0.236

Reported:

Mar 08, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
