Novell in trouble over GroupWise flaw

Three months after being informed of a serious security vulnerability in its GroupWise collaboration suite, Novell is still struggling to release an effective fix for the problem, according to a security manager.The problem allows an attacker to obtain login details remotely, according to Jeff Truedson, network security manager for lighting manufacturer Hubbell.

Three months after being informed of a serious security vulnerability in its GroupWise collaboration suite, Novell is still struggling to release an effective fix for the problem, according to a security manager.

The problem allows an attacker to obtain login details remotely, according to Jeff Truedson, network security manager for lighting manufacturer Hubbell. "A GroupWise user could have someone accessing their e-mail, they would never even know it," he wrote in an e-mail publicly disclosing the vulnerability.

Truedson said he published details about the flaw after giving Novell almost three months to fix the issue. The problem affects versions 5.5, 6.5.2 and 6.0 of GroupWise on the Microsoft Windows platform.

According to Truedson, the vendor released a test version of a patch early in June with the aim of fixing the problem. ZDNet Australia&nbsp understands Novell subsequently acknowledged the patch was not effective. Truedson said he had not heard from the vendor for one month after that date.

A Novell spokesperson was not available to comment on the issue. The company's GroupWise worldwide support division is understood to be responsible for providing a fix.