Vulnerabilities > CVE-2008-4646 - Credentials Management vulnerability in Websense Enterpise 6.3.2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

websense

CWE-255

NVD

Published: 2008-10-22

Updated: 2011-03-08

Summary

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.

Vulnerable Configurations

Part	Description	Count
Application	Websense Websense Enterpise 6.3.2	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.securitytracker.com/id?1021058
http://secunia.com/advisories/32264
http://www.securityfocus.com/bid/31746
http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt
http://www.vupen.com/english/advisories/2008/2819