SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   McAfee Web Gateway Vendors:   McAfee
McAfee Web Gateway Accounts Tab Discloses Hashed Passwords to Remote Authenticated Users
SecurityTracker Alert ID:  1030675
SecurityTracker URL:  http://securitytracker.com/id/1030675
CVE Reference:   CVE-2014-6064   (Links to External Site)
Updated:  Sep 3 2014
Original Entry Date:  Aug 6 2014
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.3.2.8 and prior, 7.4.1.3 and prior
Description:   A vulnerability was reported in McAfee Web Gateway. A remote authenticated user can obtain hashed administrative passwords.

A remote authenticated user can access the Accounts tab of the administrative interface to obtain hashed passwords for administrator accounts.

The hashed passwords are unsalted and hashed with SHA1.

David Cash from NCC Group reported this vulnerability.

Impact:   A remote authenticated user can obtain hashed administrative passwords.
Solution:   The vendor has issued a fix (7.3.2.9, 7.4.2).

The vendor's advisory is available at:

https://kc.mcafee.com/corporate/index?page=content&id=SB10080

Vendor URL:  kc.mcafee.com/corporate/index?page=content&id=SB10080 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC