Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - McAfee Web Gateway: password hash disclosure

July 2014 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker, who is allowed to see the Accounts tab, can obtain
the hash of administrators’ passwords of McAfee Web Gateway, in
order to perform a brute force.

Impacted products: McAfee Web Gateway

Severity: 1/4

Creation date: 18/07/2014

DESCRIPTION OF THE VULNERABILITY

The McAfee Web Gateway product provides an administration
interface.

However, the Accounts tab of this interface contains SHA1 hashes
of administrator passwords.

An attacker, who is allowed to see the Accounts tab, can therefore
obtain the hash of administrators’ passwords of McAfee Web
Gateway, in order to perform a brute force.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/McAfee-Web-Gateway-password-hash-disclosure-15072


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts