PT-2008-5859 · Websense · Websense Enterprise

Published: 2008-10-21 · Updated: 2011-03-08 · CVE-2008-4646

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Websense Enterprise version 6.3.2

Description

The Websense Reporter Module stores the SQL database system administrator password in plaintext in a log file, CreateDbInstall.log. Local users who can read this file can obtain the password and gain privileges to the database.

Recommendations

For Websense Enterprise version 6.3.2, consider restricting access to the CreateDbInstall.log file to prevent unauthorized users from obtaining the database administrator password. Additionally, as a temporary workaround, manually encrypt or securely store the SQL database system administrator password until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers

CVE-2008-4646

Affected Products

Websense Enterprise