McAfee WebShield Appliance Default Password May Grant Access to Remote Users
|
|
SecurityTracker Alert ID: 1014590
|
|
SecurityTracker URL: http://securitytracker.com/id?1014590
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 28 2005
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): WebShield e250 Appliance, version 3.0
|
Description: A vulnerability was reported in McAfee WebShield e250 appliances. A remote user may be able to gain access to the system.
A remote user can login to the user interface using an unspecified username with a default password. The default password is different than the 'webshield' default password.
|
Impact: A remote user can gain access to the target appliance.
|
Solution: The vendor has issued a fixed version (3.0 HF244508). The vendor's release notes are available at:
http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKCPopup&docType=kc&externalId=KBkb41837xml&sliceId=&dialogID=452
|
Vendor URL: knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKCPopup&docType=kc&externalId=KBkb41837xml&sliceId=&dialogID=452878 (Links to External Site)
|
Cause: Configuration error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 28 Jul 2005 00:24:11 -0400
Subject: http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKCPopup&docType=kc&externalId=KBkb41837xml&sliceId=&dialogID=452
|
> Release Notes for McAfee WebShield appliance version 3.0 HF244508
> It is possible to login to the user interface with a user name and default
> password; which is not the "webshield" default.
|
|
