Session Management Flaw in McAfee Email and Web Security
CVE-2012-4581

Currently unrated

Key Information:

Vendor: Mcafee
Status: Email And Web Security; Email Gateway
Vendor: CVE Published:; 22 August 2012

Summary

A vulnerability in McAfee Email and Web Security and McAfee Email Gateway allows attackers to exploit improper session token handling. When the Management Console or Dashboard is closed, the server-side session token remains active, potentially leading to session hijacking. This occurs when an attacker captures a valid session cookie and manipulates it to gain unauthorized access. To mitigate this risk, it is crucial to apply the latest security patches and follow best practices for session management.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 22, 2012