Vulnerability Note VU#568252

Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability

Original Release date: 07 Apr 2014 | Last revised: 07 Apr 2014

Overview

Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user.

Description

CWE-200: Information Exposure

When logged into the Websense Triton Unified Security Center 7.7.3 and possibly earlier versions with any permission level, it is possible to navigate to the “Log Database” or “User Directories” portions of the “Settings” module. In either section, it is possible to use a web browser to “Inspect Elements” within the page.

Password blocks are initially hashed within the page using the following form variable:
<input type=”password” id=”logDatabaseSettings:password” name =”logDatabaseSettings:password” maxlength=”50 size=”21>

However, due to the lack of proper form construction and hashing of password credentials, it is possible to change the string to the following and reload the page:
<input type=”text” id=”logDatabaseSettings:password” name =”logDatabaseSettings:password” maxlength=”50 size=”21>

Allowing the password credentials to be displayed in plain-text, along with the associated username.

Impact

An authenticated attacker can view stored credentials of a possibly higher privileged user.

Solution

Update

It has been reported that the vendor has addressed this vulnerability in Triton Unified Security Center 7.7.3 Hotfix 31. Affected users are advised to update to Triton Unified Security Center 7.7.3 Hotfix 31 or later.

The vendor has stated that the following products have also been updated to address this vulnerability.

  • Web Security Gateway Anywhere v7.7.3 Hotfix 31
  • Web Security Gateway v7.7.3 Hotfix 31
  • Websense Web Security v7.7.3 Hotfix 31
  • Websense Web Filter v7.7.3 Hotfix 31
  • Windows and Websense V-Series appliances

Additional information can be found in Websense V7.7.3 HF31 Manager Password Vulnerability issue advisory.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
WebSenseAffected28 Jan 201425 Mar 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N
Temporal 2.9 E:F/RL:OF/RC:C
Environmental 0.9 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Patrick Kelley of Critical Assets for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2014-0347
  • Date Public: 24 Mar 2014
  • Date First Published: 07 Apr 2014
  • Date Last Updated: 07 Apr 2014
  • Document Revision: 17

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.