Websense multiple product Settings module credential leakage Vulnerability

Websense multiple product Settings module credential leakage Vulnerability

Release date:
Updated on:

Affected Systems:
Websense Web Filter 7.x
Websense Web Security Gateway 7.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-0347
 
Websense is a world-leading provider of integrated Web, information, and data security protection solutions.
 
When multiple Websense products process the password hash in the Log Database or User Directories form of the Settings module, an error occurs, which may cause another User's creden。 to be leaked. Affected products include:
 
* Versions earlier than Websense TRITON uniied Security Center 7.7.3 Hotfix 31
* Web Security Gateway versions earlier than 7.7.3 Hotfix 31
* Web Security Gateway versions earlier than 7.7.3 Hotfix 31
* Versions earlier than Websense Web Security 7.7.3 Hotfix 31
* Websense Web Filter versions earlier than 7.7.3 Hotfix 31
* Windows/Websense V-Series devices
 
<* Source: Patrick Kelley

Link: http://secunia.com/advisories/57732/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Websense
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Https://www.websense.com/content/mywebsense-hotfixes.aspx? Patchid = 894 & prodidx = 20 & osidx = 0 & intidx = 0 & versionidx = 0

Reference: http://www.kb.cert.org/vuls/id/568252