Vigil@nce - Websense Web Filter/Security: password disclosure
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the Manager of Websense Web Filter or Websense
Web Security, in order to obtain sensitive information.
– Impacted products: Websense Web Filter, Websense Web Security
– Severity: 2/4
– Creation date: 07/04/2014
DESCRIPTION OF THE VULNERABILITY
The Websense Web Filter/Security product offers a web service.
The Web Security Manager hides user’s password. However, an
attacker can read the source code of the HTML page, in order to
see the password.
An attacker can therefore use the Manager of Websense Web Filter
or Websense Web Security, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Websense-Web-Filter-Security-password-disclosure-14532