PT-2015-4287 · Vdg Security · Vdg Security Sense

Stefan Viehböck · Published 2015-01-08 · Updated 2015-01-08 · CVE-2014-9577

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VDG Security SENSE (formerly DIVA) version 2.3.13

Description

The issue allows remote authenticated users to obtain usernames and password hashes by logging in on TCP port 51410 and reading the response. This occurs because the user database is sent when a user logs in.

Recommendations

For VDG Security SENSE (formerly DIVA) version 2.3.13, consider restricting access to TCP port 51410 to minimize the risk of exploitation. As a temporary workaround, limit the ability of authenticated users to read the response containing the user database. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2014-9577

Affected products

Vdg Security Sense