Unrated severityNVD Advisory· Published Sep 5, 2006· Updated Apr 16, 2026

CVE-2006-4537

Description

NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.

Affected products

Dec/Dec Openvms Alpha2 versions
cpe:2.3:a:dec:dec_openvms_alpha:7.3.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dec:dec_openvms_alpha:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:dec:dec_openvms_alpha:8.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21705nvdPatchVendor Advisory
www.securityfocus.com/bid/19783nvdPatch
secunia.com/advisories/23632nvdVendor Advisory
www.vupen.com/english/advisories/2006/3423nvdVendor Advisory
ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIECO03-V732.txtnvd
ftp.itrc.hp.com/openvms_patches/alpha/V8.2/AXP_DNVOSIECO02-V82.txtnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
www.osvdb.org/28272nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28695nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000