CVE-2014-0347 - Credentials Management vulnerability in Websense products

047910
CVSS 3.5 - LOW
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, websense, CWE-255, nessus

Summary

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

Common Weakness Enumeration (CWE)

Nessus

NASL family: Windows
NASL id: WEBSENSE_TRITON_USC_7_7_3_HF31.NASL
description: The remote application is running Websense Triton Unified Security Center, a component of the commercial suite of web filtering products. The remote instance of Websense Triton Unified Security Center fails to sanitize user-supplied input data in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73520
published: 2014-04-15
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/73520
title: Websense Triton 7.7.3 < 7.7.3 Hotfix 31 Information Disclosure

Seebug

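bulletinFamily: exploit
description: Bugtraq ID: 66687. CVE ID: CVE-2014-0347. Triton Unified Security Center is a security application with web browser-based graphical management. Its implementation contains multiple information disclosure vulnerabilities that attackers can exploit to view credentials stored by privileged users. Websense TRITON Unified Security Center. The vendor has released an upgrade patch that fixes the vulnerabilities; download it from: http://www.websense.com/content/support/library/deployctr/v76/tusc_cd.aspx
id: SSV:62088
last seen: 2017-11-19
modified: 2014-04-09
published: 2014-04-09
reporter: Root
title: Multiple information disclosure vulnerabilities in Triton Unified Security Center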