CVE-2012-4605

Name of the Vulnerable Software and Affected Versions Websense Email Security versions 6.1 through 7.3

Description The default configuration of the SMTP component enables weak SSL ciphers, making it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

Recommendations For Websense Email Security versions 6.1 through 7.3, consider disabling the use of weak SSL ciphers in the SMTP component to minimize the risk of exploitation. Restrict access to the SMTP configuration to prevent unauthorized changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.