PT-2004-3290 · Blue Coat · Blue Coat Security Gateway Os
Publicado
2004-12-31
·
Atualizado
2024-02-13
·
CVE-2004-2397
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Blue Coat Security Gateway OS versions 3.0 through 3.1.3.13
Blue Coat Security Gateway OS version 3.2.1
Description:
The web-based Management Console in the affected software stores a private key and its passphrase in plaintext in a log file when importing the key. This allows attackers to steal digital certificates.
Recommendations:
For Blue Coat Security Gateway OS versions 3.0 through 3.1.3.13, consider restricting access to the log files to minimize the risk of exploitation.
For Blue Coat Security Gateway OS version 3.2.1, consider restricting access to the log files to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Blue Coat Security Gateway Os