{"vuid":"VU#396212","idnumber":"396212","name":"Netgear ProSafe Plus Configuration Utility writes out plaintext passwords to backup configuration files","keywords":["netgear","prosafe plus","cwe-200"],"overview":"The Netgear ProSafe Plus Configuration Utility exposes password information via the configuration backup file.","clean_desc":"CWE-200 - Information Exposure\nThe Netgear ProSafe Plus Configuration Utility provides a feature to back up switch configuration. In the backup file, the device password is clearly visible in plaintext.","impact":"An unauthenticated attacker with access to the configuration backup file may be able to retrieve the administrative password to the device.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Network administrators choosing to use configuration backup files should ensure that they are not accessible to unauthorized users.","sysaffected":"","thanks":"","author":"This document was written by Joel Land.","public":["http://kb.netgear.com/app/answers/detail/a_id/12048/~/prosafe-plus-switches-faq","http://cwe.mitre.org/data/definitions/200.html"],"cveids":["CVE-2014-4864"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-07-11T17:36:08Z","publicdate":"2014-09-08T00:00:00Z","datefirstpublished":"2014-09-08T19:17:15Z","dateupdated":"2014-09-08T19:17:15Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"2.9","cvss_basevector":"AV:A/AC:M/Au:N/C:P/I:N/A:N","cvss_temporalscore":"2.8","cvss_environmentalscore":"2.041958881368","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}