VYPR
Unrated severityNVD Advisory· Published Sep 5, 2006· Updated Jun 16, 2026

CVE-2006-4537

CVE-2006-4537

Description

NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.

Affected products

3
  • Dec/Dec Openvms2 versions
    cpe:2.3:a:dec:dec_openvms_alpha:7.3.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:dec:dec_openvms_alpha:7.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:dec:dec_openvms_alpha:8.2:*:*:*:*:*:*:*
  • Range: Alpha 7.3-2, Alpha 8.2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.