On Tue, Sep 27, 2005 at 10:57:57AM -0300, Francisco Amato wrote: [snip] > .:: DESCRIPTION > > This issue is due to a failure of the application to securely parse the > saved port number of the last authentication store in windows register. > > To reproduce this, we have to modify the default register key of > HKEY_CURRENT_USER\Software\Novell\GroupWise\Login Parameters\TCP/IP Port This is obviously a bug, but why is this a security vulnerability? Does the GroupWise client run with elevated privileges? -- Crist J. Clark | cjclark@xxxxxxxxxxxx
