Vulnerabilities > CVE-2009-2312 - Cryptographic Issues vulnerability in Mcafee Smartfilter 4.2.1.00

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mcafee
CWE-310
NVD
Published: 2009-07-02
Updated: 2024-11-21

Summary

SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in config.txt and uses insecure permissions for this file, which allows local users to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Mcafee
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

bulletinFamilyexploit
descriptionBugraq ID: 35756 CVE ID:CVE-2009-2312 CVE-2009-2429 CNCVE ID:CNCVE-20092312 CNCVE-20092429 McAfee SmartFilter是一款网站过滤解决方案。 McAfee SmartFilter存在设计问题,本地攻击者可以利用漏洞获得敏感信息。 用于proxy服务器验证的SmartFilter user ID的用户名和明文文本密码保存在c:\Program Files\Secure Computing\Smartfilter Administration\server目录下的config子目录中,利用这些敏感信息可对系统进行进一步攻击。 0 McAfee SmartFilter 4.2.1.00 厂商解决方案 目前没有解决方案提供: http://www.securecomputing.com/
idSSV:11863
last seen2017-11-19
modified2009-07-23
published2009-07-23
reporterRoot
titleMcAfee SmartFilter信息泄漏漏洞

References