Vulnerabilities > CVE-2002-0706 - Remote Security vulnerability in Surfcontrol Superscout web Filter and web Filter

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

surfcontrol

NVD

Published: 2002-10-10

Updated: 2016-10-18

Summary

UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.

Vulnerable Configurations

Part	Description	Count
Application	Surfcontrol Surfcontrol Superscout WEB Filter 3.0 Surfcontrol Superscout WEB Filter 3.0.3 Surfcontrol WEB Filter 4.0 Surfcontrol WEB Filter 4.1	4

References

http://marc.info/?l=bugtraq&m=103359690824103&w=2
http://www.iss.net/security_center/static/10247.php
http://www.osvdb.org/3491
http://www.westpoint.ltd.uk/advisories/wp-02-0005.txt