exploit the possibilities


Posted Aug 5, 2003
Authored by Adam Gray | Site novacoast.com

Novacoast Security Advisory - Novacoast has discovered that Novell GroupWise 6.5 Wireless Webaccess logs all usernames and passwords in clear text.

tags | advisory
MD5 | 773f027903baa1b8e6862f9dd4cbb5f1


Change Mirror Download
Novacoast Security Advisory
Novell GroupWise 6.5 Vulnerability

Novacoast has discovered a vulnerability in the Novell GroupWise 6.5 Wireless Webaccess logging functionality. The software exposes all username and passwords within the log file in clear text. This information could be used to impersonate other users and allow unauthorized access to mail or network resources.

A key component of the Novell Nterprise* family of one Net solutions, Novell® GroupWise® 6.5 is a cross-platform collaboration product that enables you to work smarter alone and with others over any type of network*wired to wireless, including the Internet. In addition to integrated e-mail and scheduling services, GroupWise offers task-, contact- and document-management services that increase productivity. GroupWise also delivers secure instant messaging, tools that help you manage daily activities more efficiently and extensive mobile-access capabilities. In a nutshell, this innovative, open standards-based approach to collaboration services provides security, control and mobility while increasing user productivity and reducing the cost of managing and maintaining your organization's essential communication and collaboration services.

Affected Version:
Novell GroupWise 6.5 Webaccess
Novell GroupWise Wireless Web Access
Novell Linux/Mac Beta Client
NetWare 5/6
Apache 1.3.x

None required
Open sys:\apache\logs\access_log
Passwords are listed as part of the url. the are preceded with username=****&password=****

Recommended Solution:
Upgrade to Novell GroupWise 6.5 sp1

This bug has been submitted to, acknowledged by, and a fix has been created and included with the latest service pack for Novell GroupWise 6.5. It can be downloaded from:

Additional information can be found at the following location:

Novacoast accepts no liability or responsibility for the
content of this report, or for the consequences of any
actions taken on the basis of the information provided
within. Dissemination of this information is granted
provided it is presented in its entirety. Modifications
may not be made without the explicit permission of

Adam Gray
Novacoast, Inc.


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    16 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By