PT-2004-1358 · Symantec · Symantec Firewall/Vpn Appliance

Davide Del Vecchio

Published

2004-03-15

Updated

2017-10-10

CVE-2004-0190

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Symantec FireWall/VPN Appliance model 200

Description The issue concerns the storage of a cleartext password for the password administration page. This password may be cached on the administrator's local system or in a proxy, allowing attackers to steal the password and gain privileges.

Recommendations For Symantec FireWall/VPN Appliance model 200, consider changing the password administration page to use a secure method of storing passwords, and clear any cached credentials on the administrator's local system and in proxies to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0190

Affected Products

Symantec Firewall/Vpn Appliance

PT-2004-1358 · Symantec · Symantec Firewall/Vpn Appliance

CVE-2004-0190

Related Identifiers

Affected Products

References · 6