Insecure Storage of Credentials in SmartFilter Web Gateway by Secure Computing
CVE-2009-2429

Currently unrated

Key Information:

Vendor: Mcafee
Status: Smartfilter
Vendor: CVE Published:; 10 July 2009

Summary

The SmartFilter Web Gateway Security 4.2.1.00 contains a vulnerability that stores user credentials in plain text within admin_backup.xml files. This insecure storage method, combined with permissions that do not adequately protect these files, can allow local users to elevate their privileges and gain unauthorized access to sensitive information. Users should review their system configurations and implement necessary security measures to safeguard credential storage.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49338

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/34390

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 10, 2009
Vulnerability Reserved
Jul 10, 2009