Insecure Credential Storage in SmartFilter Web Gateway by Secure Computing
CVE-2009-2312

Currently unrated

Key Information:

Vendor: Mcafee
Status: Smartfilter
Vendor: CVE Published:; 2 July 2009

What is CVE-2009-2312?

The SmartFilter Web Gateway version 4.2.1.00 from Secure Computing has a vulnerability that exposes user credentials. It stores these credentials in cleartext within the config.txt file and applies insecure permissions to this file. This flaw enables local users to access sensitive information, potentially allowing them to escalate their privileges within the system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49338

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/34390

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2009
Vulnerability Reserved
Jul 2, 2009

Mcafee

What is CVE-2009-2312?

References

Timeline