PT-2013-4844 · Imperva · Imperva Securesphere
Published: 2013-06-28 · Updated: 2013-07-01 · CVE-2013-4091
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Imperva SecureSphere version 9.0.0.5
Description
The issue concerns the SecureSphere Operations Manager (SOM) Management Server, where the login page secsphLogin.jsp lacks an autocomplete attribute for the j_password field. This omission makes it easier for remote attackers to gain access, particularly in scenarios involving unattended workstations.
Recommendations
For Imperva SecureSphere version 9.0.0.5, consider adding an autocomplete attribute to the j_password field on the secsphLogin.jsp login page to prevent attackers from easily obtaining access to the system. As a temporary workaround, ensure that workstations are properly secured and monitored to minimize the risk of exploitation.
Exploit
Fix
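An added example, not part of the original advisory or Imperva's code: a Python check that parses login-page markup and reports password inputs whose effective autocomplete setting does not suppress autofill. The sample forms are constructed, not SecureSphere's actual markup; `j_username`, the `login` action and the set of values treated as suppressing are assumptions.

```python
from html.parser import HTMLParser

# Values this example treats as suppressing autofill on a password field (assumption).
SUPPRESSING = {"off", "new-password"}


class PasswordFieldAudit(HTMLParser):
    """Collect password inputs whose effective autocomplete does not suppress autofill."""

    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # value inherited from the enclosing <form>
        self.findings = []             # list of (field name, reason)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases attribute names
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete")
        elif tag == "input" and a.get("type", "").lower() == "password":
            # The input's own attribute wins; otherwise the form's value applies.
            effective = a.get("autocomplete", self.form_autocomplete)
            name = a.get("name", "?")
            if effective is None:
                self.findings.append((name, "no autocomplete attribute"))
            elif effective.strip().lower() not in SUPPRESSING:
                self.findings.append((name, f"autocomplete={effective!r}"))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None


def audit(markup):
    """Return findings for every password input in the given HTML."""
    parser = PasswordFieldAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample forms (illustrative only).
FORM = '<form action="login" method="post"{form}><input type="text" name="j_username">' \
       '<input type="password" name="j_password"{field}></form>'
BEFORE = FORM.format(form="", field="")                       # as described in the advisory
AFTER = FORM.format(form="", field=' autocomplete="off"')     # attribute on the field
INHERITED = FORM.format(form=' autocomplete="off"', field="") # attribute on the form
EXPLICIT_ON = FORM.format(form="", field=' autocomplete="on"')

if __name__ == "__main__":
    for label, html in [("before", BEFORE), ("after", AFTER)]:
        print(label, audit(html))
```

Many current browsers' password managers may still offer to save credentials when `autocomplete="off"` is set on a login field, so the workstation controls in the recommendation remain relevant after the markup change.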
Weakness Enumeration
Related identifiers
Affected products
Imperva Securesphere