CVE-2010-3897 Information

Description

ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code which might allow remote attackers to obtain sensitive information by leveraging read access to this file.

Reference

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt http://www.securityfocus.com/archive/1/514688/100/0/threaded http://www.securityfocus.com/bid/44740 http://www.vupen.com/english/advisories/2010/2933