Environment
Novell Client for Windows XP/2003
NMAS Client
Challenge Response Client (LCM)
NMAS Client
Challenge Response Client (LCM)
Situation
Challenge Response Client 2.7.5 or earlier are affected. Challenge
Response Client 2.7.5 shipped with Novell Client 4.91 SP4.
The weakness is due to the Challenge Question dialog box of the Challenge Response client failing to restrict access to the contents of the clipboard when the system is "locked".
This can be exploited to disclose the text contents of the current user's clipboard by pasting it into the "Challenge Question" field.
This security vulnerability is not critical.
The weakness is due to the Challenge Question dialog box of the Challenge Response client failing to restrict access to the contents of the clipboard when the system is "locked".
This can be exploited to disclose the text contents of the current user's clipboard by pasting it into the "Challenge Question" field.
This security vulnerability is not critical.
Resolution
Download and apply Challenge Response Client 2.7.6 FTF (or
greater).