Vulnerabilities > CVE-2014-0347 - Credentials Management vulnerability in Websense products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | WEBSENSE_TRITON_USC_7_7_3_HF31.NASL |
| description | The remote application is running Websense Triton Unified Security Center, a component of the commercial suite of web filtering products. The remote instance of Websense Triton Unified Security Center fails to sanitize user-supplied input data in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 73520 |
| published | 2014-04-15 |
| reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/73520 |
| title | Websense Triton 7.7.3 < 7.7.3 Hotfix 31 Information Disclosure |
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID:66687 CVE ID:CVE-2014-0347 Triton Unified Security Center是基于Web浏览器的图形管理的安全应用。 Triton Unified Security Center在实现上存在多个信息泄露漏洞,攻击者可利用这些漏洞查看高级用户存储的凭证。 0 Websense TRITON Unified Security Center 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.websense.com/content/support/library/deployctr/v76/tusc_cd.aspx |
| id | SSV:62088 |
| last seen | 2017-11-19 |
| modified | 2014-04-09 |
| published | 2014-04-09 |
| reporter | Root |
| title | Triton Unified Security Center多个信息泄露漏洞 |