[VIM] Vendor ACK for CVE-2006-3663

Steven M. Christey coley at linus.mitre.org
Mon Jul 24 16:48:50 EDT 2006


---------- Forwarded message ----------
Date: Mon, 24 Jul 2006 09:36:23 +0300
From: Raphael Barki
To: cve at mitre.org
Subject: CVE-2006-3663


We are pleased to inform you that the security issue "Finjan Appliance
5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which
allows local users to gain privileges" described here:


has been overcome with version 8.3.6 of Finjan's Vital Security
Appliance (NG 5100/8100), released on 23/7/06.

Non-user passwords in Archive or LDAP locations were not encrypted in
version 8.3.5. In order to prevent any potential vulnerability, the
passwords for LDAP and Archive (i.e., backup) are now encrypted in
version 8.3.6.

Please update your Web site accordingly and kindly send us a
confirmation when done.

Best regards,


Raphael Barki
Director of Product Marketing

More information about the VIM mailing list