Vulnerability Note VU#221620
Blue Coat ProxySG local user changes contain a time and state vulnerability
Changes to Blue Coat ProxySG local users do not take effect immediately, giving an attacker with known credentials a window of opportunity to use those credentials even if the user was deleted or the password was changed. (CWE-361)
Blue Coat Security Advisory SA77 states:
SGOS supports multiple types of authentication realms for authenticating administrative and proxy users. Most authentication realms use remote authentication databases. Locally defined users and user lists are in the local authentication realm. The local authentication realm is typically used for administrative and console access, but can be used for proxy users as well.
An attacker with knowledge of existing credentials may be able to log in as that user even after the account was deleted. If the local realm is used for console access then the credentials may be used to compromise administrative access.
Apply an Update
If you are unable to upgrade, please consider the following workarounds.
After changing a password, immediately log in with the new password or attempt to log in with an incorrect password.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Blue Coat Systems||Affected||-||28 Feb 2014|
CVSS Metrics (Learn More)
Thanks to Blue Coat for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2014-2033
- Date Public: 21 Feb 2014
- Date First Published: 28 Feb 2014
- Date Last Updated: 28 Feb 2014
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.