Challenge Response Client (LCM) allows clipboard contents to be pasted into question response fields when workstation is locked

  • 3726376
  • 04-Feb-2008
  • 26-Apr-2012


Novell Client for Windows XP/2003
NMAS Client
Challenge Response Client (LCM)


Challenge Response Client versions 2.7.5 and earlier are affected. Challenge Response Client 2.7.5 shipped with Novell Client 4.91 SP4.

The weakness is due to the Challenge Question dialog box of the Challenge Response client failing to restrict access to the contents of the clipboard when the system is "locked".

This can be exploited to disclose the text contents of the current user's clipboard by pasting it into the "Challenge Question" field.

This security vulnerability is not critical.


Download and apply Challenge Response Client 2.7.6 FTF (or greater).


Security Alert