The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Secure Web SmartFilter: information disclosure

Synthesis of the vulnerability 

Passwords are stored in clear form in some files of Secure Computing Secure Web SmartFilter.
Vulnerable systems: Webwasher.
Severity of this threat: 1/4.
Creation date: 23/03/2009.
Références of this weakness: VIGILANCE-VUL-8552.

Description of the vulnerability 

The administration console of the Secure Computing Secure Web SmartFilter product stores its configuration in the C:\Program Files\Secure Computing\Smartfilter Administration\server\config\ directory.

However, access rights of config.txt and admin_backup.xml files allows a local attacker to read them. These files can contain a password to access to the proxy.

A local attacker can therefore obtain a password to connect to the proxy.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness impacts software or systems such as Webwasher.

Our Vigil@nce team determined that the severity of this vulnerability announce is low.

The trust level is of type unique source, with an origin of user shell.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this threat bulletin.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability bulletin. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.