Entercept Agent Password Exposure
From: Entercept (entercept@ENTERCEPT.COM)
Date: 07/11/02
Date: Wed, 10 Jul 2002 17:53:17 -0700
From: Entercept <entercept@ENTERCEPT.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: July 10, 2002
Entercept Agent Password Exposure
Summary
When installing a version of the Entercept agent dated prior to May 21,
2002, there is a potential for a local administrator to obtain the password
of the entercept_agent account. The entercept_agent account is a member of
the local Administrators group. If a malicious administrator gains the
entercept_agent account password, he or she could use the account for
malicious activities on the server while concealing their true identity.
Only administrators can install Entercept, so no additional privileges can
be gained via this exposure. This exposure permits an administrator to
obtain access to the entercept_agent account, which also has administrator
privileges.
Versions Affected
Entercept agent released prior to May 21, 2002. This issue is present in
Windows agents only. Solaris agents are not affected.
Severity Rating
Minimal
Recommendations
Upgrade to a version of the Entercept agent dated May 21, 2002 or later.
The password exposure issue is not present in Entercept agents dated May 21,
2002 and later.
Acknowledgements
Entercept thanks Don Arthurs of DAT Group LTD (www.datgroup.com) for
reporting this exposure and cooperating with Entercept in resolving the
issue.
For additional information, contact:
Entercept Public Relations
pr@entercept.com
www.entercept.com
DISCLAIMER STATEMENT: The information in this bulletin is provided by
Entercept Security Technologies, Inc. ("Entercept") and is intended to
provide information on a particular security issue or incident. Given that
each exploitation technique is unique, Entercept makes no claim to prevent
any specific exploit related to the vulnerability discussed in this
bulletin. Entercept expressly disclaims any and all warranties with respect
to the information provided in this bulletin, express or implied or
otherwise, including, but not limited to, warranty of fitness for a
particular purpose. Under no circumstances may this information be used to
exploit vulnerabilities in any other environment.
About Entercept Security Technologies
Entercept Security Technologies is the proven leader in intrusion prevention
software. Based on patented technology, Entercept safeguards the entire
server by preventing known and unknown malicious attacks. Unlike other
security solutions, Entercept uses a combination of behavioral rules and
signatures to proactively prevent attacks rather than merely detecting and
reporting them after they occur. Strategic partners include Cisco, Check
Point, Foundstone and other leading companies. Entercept has received
numerous awards and industry recognition, including Network Magazine's 2001
Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List',
SC Magazine's 'Best Pick of the Year 2000 and 2001', InfoWorld magazine's
'Business Impact of the Year Award', and InfoWorld magazine's Readers Choice
'Security Product of the Year'. www.entercept.com
The information provided is identified, assessed and measured by the
Entercept Ricochet(tm) security research team, a leading group of security
experts dedicated to collecting and evaluating intelligence against server
threats.
(c)2002 Entercept Security Technologies. All rights reserved. Entercept and
the Entercept logo are trademarks of Entercept Security Technologies. All
other trademarks, trade names or service marks are the property of their
respective owners.