Symantec Firewall/VPN Appliance Displays Password When Edited

Category: Vulnerability | Posted: 2004-02-17 by ReCall

Details
Description: A vulnerability was reported in the Symantec Firewall/VPN Appliance. A user may be able to obtain the administrator's password.
Davide Del Vecchio reported that when an administrator edits the password via the password administration page, the password is displayed in clear text. Because of this, the password will reportedly be cached by the administrator's web browser.
A local user on the administrator's computer may be able to access the password. A physically local user may be able to view the password when edited by an authenticated administrator. In addition, the report indicates that a remote user may be able to send malicious HTML to the target administrator to invoke the cached password.
[Editor's note: The remote administration is via non-secure HTTP, as indicated in the report, which creates a separate vulnerability. However, we have not issued an Alert regarding the use of non-secure HTTP, as an HTTP administration feature would create no expectations of secure password transmission.]
Impact: A local user on the administrator's computer may be able to access the password.
A physically local user may be able to view the password when edited by an authenticated administrator.
Solution: No solution was available at the time of this entry.
The vendor has reportedly indicated that the observed behavior is by design and is not a bug.
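
An added example, not part of the original report and not vendor code: a small Python audit that checks an administration page response for the two conditions described above, a password field rendered in clear text (or pre-filled with the current secret) and a response the browser is allowed to cache. The field-name heuristics and both sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

SENSITIVE = ("pass", "pwd", "secret")  # assumed field-name heuristics


class FieldAudit(HTMLParser):
    """Collects <input> fields that expose a credential in the rendered page."""

    def __init__(self):
        super().__init__()
        self.sensitive_seen = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "")
        ftype = a.get("type", "text").lower()
        if ftype != "password" and not any(s in name.lower() for s in SENSITIVE):
            return
        self.sensitive_seen = True
        if ftype != "password":
            self.findings.append(f"{name}: type={ftype}, secret shown in clear text")
        if a.get("value"):
            self.findings.append(f"{name}: current secret echoed in value attribute")


def audit_response(headers, body):
    """Return findings for one HTTP response (header dict plus HTML body)."""
    parser = FieldAudit()
    parser.feed(body)
    parser.close()
    findings = list(parser.findings)
    cache = {k.lower(): v.lower() for k, v in headers.items()}.get("cache-control", "")
    if parser.sensitive_seen and "no-store" not in cache:
        findings.append("password page is cacheable: Cache-Control lacks no-store")
    return findings


# Constructed sample responses, not captured from the appliance.
WEAK = ({"Content-Type": "text/html"},
        '<form><input type="text" name="admin_password" value="Example-Pw-1"></form>')
FIXED = ({"Content-Type": "text/html", "Cache-Control": "no-store"},
         '<form><input type="password" name="admin_password" autocomplete="off"></form>')

if __name__ == "__main__":
    for label, (hdrs, html) in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_response(hdrs, html))
```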