Risk: Low
Summary
While performing a test for a client, NTA Monitor discovered a password disclosure issue in the Avaya VPNRemote VPN client: VPNRemote stores all user credentials (username and password) in clear-text in the process memory. This vulnerability was first discovered on August 24, 2005.
This issue occurs regardless of whether the "Save Password" feature is enabled or not.
Overview
NTA Monitor discovered that the VPNRemote client was loading all the credentials unencrypted in the memory of the process "VPNremote.exe". It was possible to recover the password by dumping the process memory to a file with PMDump.
The vulnerability allows anyone with access to the client system to obtain the username and password along with all the other settings required to establish a successful VPN connection. Additionally, this vulnerability could also be exploited by fooling the user to execute malicious code which would dump the memory of the process "VPNremote.exe".
It is also worth mentioning that sometimes, no direct user interaction is required for the execution of malicious code. Crackers often exploit vulnerabilities in web browsers and email clients that allow them to execute malicious code on the victim's machine without requiring the user to manually execute the Trojaned executable. This means that given the right scenario, this vulnerability present in VPNRemote could be exploited in such a way.