A design flaw exist in BindView NetInventory and NetRC software that allows users to view the password during auditing. Discovered: Wednesday, January 09, 2002 4:54 PM Steps to reproduce the flaw. Local users can delete their HOSTCFG._NI file and then force an audit from the netlogon directory. During the audit the HOSTCFG._NI is rewritten as HOSTCFG.INI which is in clear text until the audit is complete. Each machine on the network configured with that password can be accessed remotely. BindView returned our e-mails with the statement that it would be fixed in the next release. Brent Barker ViaSat, Inc.
