CVE-1999-1528 in NetWare Client
Summary
by MITRE
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/19/2026
The vulnerability described in CVE-1999-1528 represents a critical session management flaw in the ProSoft Netware Client 5.12 implementation for Macintosh MacOS 9 systems. This issue stems from improper handling of network directory services authentication states when users terminate their local system sessions. The flaw creates a persistent security risk by failing to properly terminate network services sessions, leaving NDS (Novell Directory Services) connections active even after local user logout events. This behavior directly violates fundamental security principles of session termination and privilege isolation, creating an exploitable condition where subsequent users can leverage the abandoned network session to access protected resources.
The technical root cause of this vulnerability lies in the client-side session management implementation within the ProSoft Netware Client software. When a user logs off from the MacOS 9 system, the application fails to execute proper cleanup routines that would terminate the active NDS connection and invalidate the associated authentication tokens. This omission creates what is known as a "session hijacking" vulnerability where the network session remains authenticated and accessible to anyone with physical access to the system. The flaw specifically affects the integration between local operating system logout procedures and network directory service session termination mechanisms, demonstrating poor adherence to secure coding practices and session lifecycle management standards.
From an operational impact perspective, this vulnerability creates significant security risks for organizations relying on Novell Netware directory services in mixed operating system environments. The persistent NDS session allows unauthorized users to potentially access sensitive network resources, modify directory entries, or perform actions within the privileges of the original authenticated user. This represents a direct violation of the principle of least privilege and can lead to data breaches, unauthorized system modifications, and potential escalation of privileges within the network infrastructure. The vulnerability is particularly concerning in shared or public computing environments where multiple users may have access to the same physical system.
The security implications of this vulnerability align with CWE-613, which addresses "Insufficient Session Expiration" in software applications. This weakness specifically manifests when applications fail to properly terminate sessions upon user logout or system shutdown, creating persistent authentication contexts that can be exploited by malicious actors. The vulnerability also maps to ATT&CK technique T1566, "Phishing", as it could enable attackers to leverage compromised sessions for further network infiltration. Organizations should implement immediate mitigations including disabling automatic network authentication, implementing additional physical security controls, and ensuring proper session cleanup procedures are enforced through system policies and network configuration standards. The remediation approach should focus on both application-level fixes and network-level security controls to prevent unauthorized access to directory services through abandoned session states.