SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   Websense
Vendors:   Websense
Websense Enterprise Reporter Module Saves the SQL Database SA Password to Local Users
SecurityTracker Alert ID:  1021058
SecurityTracker URL:  http://securitytracker.com/id/1021058
CVE Reference:   CVE-2008-4646
Updated:  Oct 23 2008
Original Entry Date:  Oct 15 2008
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.3.2
Description:   Eric Beaulieu reported a vulnerability in the Websense Enterprise Reporter module. A local user can obtain the SQL database system administrator (SA) password.

The Reporter module's installer writes the SQL database system administrator password in plaintext to a log file ('CreateDbInstall.log'), which is then archived in a zip file on the target system and never removed.

A local user who can read the log file or the archive can obtain the password.

Websense version 7 does not use the affected reporter module.

The vendor was notified on March 14, 2008.

Eric BEAULIEU reported this vulnerability.

The original advisory is available at:

http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt

Impact:   A local user can obtain the SQL database system administrator password.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.websense.com/
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (Red Hat Fedora), UNIX (Solaris - SunOS), Windows (2000), Windows (2003)

Message History:   None.


Source Message Contents

Subject:  Websense Reporter - Password Disclosure Vulnerability

Hello,

I found a security issue in Websense Reporter. The SA password for the Websense
Reporter module was stored in a log file, and afterwards this file was archived in
a zip file and never removed. This SQL database contains sensitive
information, such as information from all Websense products and all Internet
users' activity.



My advisory is on my website:

Title: Websense Reporter - Password Disclosure Vulnerability
Criticality: Medium (2/3)
Affected software: Websense Enterprise v6.3.2 / Websense Reporter
Author: Eric BEAULIEU, eric.beaulieu [at] zebux.org, http://www.zebux.org
Discovery Date: 10-13-2008
Location URL:
http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt

Summary
-------
A vulnerability has been discovered in the Websense Reporter Module, which could
be exploited by local attackers to gain knowledge of sensitive information.

Description
-----------
A vulnerability has been discovered in the Websense Reporter Module, which could
be exploited by local attackers to gain knowledge of sensitive information.
It is possible to gain local SQL administrator access by accessing the plaintext
password that is stored in the "CreateDbInstall.log" log file. The installer
creates this log file during the installation process if you have a local SQL
server on your Websense Reporter Server.


Solution
--------
After the Websense Reporter installation, erase the "CreateDbInstall.log" log
file and any archive file containing this log file.
Upgrade to Websense v7, this version does not use Websense Reporter.


Workaround
----------
Erase the "CreateDbInstall.log" log file and any archive file containing this log
file.

References
----------

Timeline
--------
14-03-2008 - Vulnerability researched and confirmed
18-03-2008 - Vulnerability reported to vendor
20-03-2008 - Vendor confirmed the security issue
13-10-2008 - Vendor contacted to get a status of the fix process

Revision history
----------------
19-03-2008 - 1.0 - Advisory written
13-10-2008 - 1.1 - Advisory updated


If you have any questions, please feel free to contact me, thanks in advance

Eric BEAULIEU
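The detection and clean-up the advisory describes, as an added example that is not part of the original report or of Websense's software: it walks an install tree, flags every plain copy of CreateDbInstall.log and every zip archive still holding one, reports credential-looking lines with their values masked, and can erase both, as the workaround says. The log's real format is not given on the page, so the "password = value" pattern and the sample install tree the script builds for itself are assumptions made for this demo.

```python
"""Audit an install tree for leftover CreateDbInstall.log copies.

Added example (not the advisory's or the vendor's code). Assumptions: the
actual log format is unknown, so credential lines are matched with a generic
key=value pattern; the sample tree below is constructed for the demo.
"""
import os
import re
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

LOG_NAME = "createdbinstall.log"  # compared case-insensitively
# Assumed pattern: "SAPassword=..." / "password: ..." / "pwd = ..."
CRED_RE = re.compile(r"(?i)\b(sa[_ ]?password|password|pwd)\s*[=:]\s*(\S+)")


def redact_credential_lines(text):
    """Return credential-looking lines with the value masked, so the audit
    report never re-leaks the secret it is looking for."""
    return [f"{m.group(1)}=<redacted>"
            for line in text.splitlines()
            if (m := CRED_RE.search(line))]


def find_exposed_logs(root):
    """Walk `root`; return (path, member) tuples for each plain copy of the
    log (member is None) and each zip archive containing one."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.lower() == LOG_NAME:
                findings.append((str(path), None))
            elif name.lower().endswith(".zip"):
                try:
                    with zipfile.ZipFile(path) as zf:
                        for member in zf.namelist():
                            if PurePosixPath(member).name.lower() == LOG_NAME:
                                findings.append((str(path), member))
                except zipfile.BadZipFile:
                    pass  # not a real archive; nothing to inspect
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))


def read_finding(path, member):
    """Return the log text, reading inside the archive when needed."""
    if member is None:
        return Path(path).read_text(errors="replace")
    with zipfile.ZipFile(path) as zf:
        return zf.read(member).decode(errors="replace")


def remediate(findings, dry_run=True):
    """Erase each flagged file or archive (the advisory's workaround).
    Whole archives go, matching the advisory's wording, so copy any other
    log you need out of them first. Returns the paths (to be) removed."""
    removed = sorted({p for p, _ in findings})
    if not dry_run:
        for path in removed:
            os.remove(path)
    return removed


def build_sample_tree(base):
    """Construct a fake Reporter install tree (constructed data, not real)."""
    base = Path(base)
    (base / "Reporter").mkdir(parents=True, exist_ok=True)
    log = base / "Reporter" / "CreateDbInstall.log"
    log.write_text("Creating database...\nSAPassword=NotARealSecret123\nDone.\n")
    (base / "Reporter" / "other.log").write_text("nothing sensitive\n")
    with zipfile.ZipFile(base / "InstallLogs.zip", "w") as zf:
        zf.write(log, "Reporter/CreateDbInstall.log")
        zf.writestr("Reporter/other.log", "nothing sensitive\n")
    return base


def audit(root, erase=False):
    """Scan `root`; return findings, masked credential lines per finding,
    and the paths removed (or that would be removed in a dry run)."""
    findings = find_exposed_logs(root)
    return {
        "findings": findings,
        "credential_lines": {f"{p}!{m}" if m else p:
                             redact_credential_lines(read_finding(p, m))
                             for p, m in findings},
        "removed": remediate(findings, dry_run=not erase),
    }


def run_demo():
    """Build the sample tree, audit it, erase, and audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        before = audit(root, erase=False)   # dry run: nothing deleted yet
        still_there = find_exposed_logs(root)
        audit(root, erase=True)
        after = find_exposed_logs(root)
    return {"before": before, "still_there": still_there, "after": after}


if __name__ == "__main__":
    result = run_demo()
    for f in result["before"]["findings"]:
        print("exposed:", f, result["before"]["credential_lines"][
            f"{f[0]}!{f[1]}" if f[1] else f[0]])
    print("after erase:", result["after"])
```

Run it as-is to see the dry run, then point `audit(root, erase=True)` at a real Reporter directory only after copying out any other logs you want to keep from the flagged archives.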

Copyright 2019, SecurityGlobal.net LLC