Vulnerabilities > CVE-2008-4646 - Credentials Management vulnerability in Websense Enterpise 6.3.2

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

websense

CWE-255

NVD

Published: 2008-10-22

Updated: 2011-03-08

Summary

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.

Vulnerable Configurations

Part	Description	Count
Application	Websense Websense Enterpise 6.3.2	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://secunia.com/advisories/32264
http://www.securityfocus.com/bid/31746
http://www.securitytracker.com/id?1021058
http://www.vupen.com/english/advisories/2008/2819
http://www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt