PT-2014-3577 · Websense · Websense Web Security+4
Published: 2014-04-12 · Updated: 2014-04-14 · CVE-2014-0347
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Websense Triton Unified Security Center versions 7.7.3 before Hotfix 31
Websense Web Filter versions 7.7.3 before Hotfix 31
Websense Web Security versions 7.7.3 before Hotfix 31
Websense Web Security Gateway versions 7.7.3 before Hotfix 31
Websense Web Security Gateway Anywhere versions 7.7.3 before Hotfix 31
Description
The issue allows remote authenticated users to read cleartext passwords by modifying an INPUT element in the Log Database or User Directories component. This is done by replacing type="password" with type="text", after which the browser displays the field's contents unmasked.
Recommendations
For Websense Triton Unified Security Center version 7.7.3, apply Hotfix 31.
For Websense Web Filter version 7.7.3, apply Hotfix 31.
For Websense Web Security version 7.7.3, apply Hotfix 31.
For Websense Web Security Gateway version 7.7.3, apply Hotfix 31.
For Websense Web Security Gateway Anywhere version 7.7.3, apply Hotfix 31.
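The masking applied by type="password" is display-only, so the weakness in the Description exists wherever a page delivers a stored password in the field's value attribute. The following added example (not part of the advisory and not Websense code) audits saved HTML for pre-filled password inputs; the sample pages, field names and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages (not taken from the product): a settings form
# that echoes a stored secret, and the same form with the field left blank.
ECHOED = '''<form action="/settings">
<input type="text" name="dbUser" value="sa">
<input type="PASSWORD" name="dbPassword" value="S3cret!example">
</form>'''
BLANKED = '''<form action="/settings">
<input type="text" name="dbUser" value="sa">
<input type="password" name="dbPassword" value="" autocomplete="off">
</form>'''


class PasswordEchoAuditor(HTMLParser):
    """Collects password inputs whose value attribute is pre-filled."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <input/> tags are routed here by HTMLParser as well.
        if tag != "input":
            return
        first = {}
        for key, val in attrs:
            # Browsers keep the first of any duplicated attribute.
            first.setdefault(key, val or "")
        if first.get("type", "").strip().lower() != "password":
            return
        if first.get("value", ""):
            line, _ = self.getpos()
            # Report name, line and length only; never copy the secret itself.
            self.findings.append({"name": first.get("name", ""),
                                  "line": line,
                                  "length": len(first["value"])})


def find_echoed_passwords(html):
    """Return one finding per password input delivered with a non-empty value."""
    auditor = PasswordEchoAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, page in (("echoed", ECHOED), ("blanked", BLANKED)):
        print(label, find_echoed_passwords(page))
```

A finding means the secret is already in the response body, readable by any authenticated user who can load the page, regardless of how the input is rendered.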
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Websense Triton Unified Security Center
Websense Web Filter
Websense Web Security
Websense Web Security Gateway
Websense Web Security Gateway Anywhere