Vulnerability Note VU#568252
Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability
Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contain an information disclosure vulnerability that could allow an authenticated attacker to view stored credentials of a possibly higher privileged user.
CWE-200: Information Exposure
When logged into the Websense Triton Unified Security Center 7.7.3 and possibly earlier versions with any permission level, it is possible to navigate to the “Log Database” or “User Directories” portions of the “Settings” module. In either section, it is possible to use a web browser to “Inspect Elements” within the page.
An authenticated attacker can view stored credentials of a possibly higher privileged user.
Additional information can be found in the Websense V7.7.3 HF31 Manager Password Vulnerability issue advisory.
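A regression check for this class of exposure, added here as an example and not taken from the vendor or the original note. It assumes the stored credentials reach the browser as a pre-filled `value` on a password or hidden input, which the note does not state; the field names and sample markup are constructed.

```python
from html.parser import HTMLParser

# Constructed sample markup (not taken from the product): a settings form whose
# stored password is echoed into the value attribute, and a form that is not.
EXPOSED_PAGE = """
<form id="log-database">
  <input type="text" name="dbUser" value="svc_logdb">
  <input type="password" name="dbPassword" value="ExamplePlaceholder1!">
</form>
"""
SAFE_PAGE = """
<form id="log-database">
  <input type="text" name="dbUser" value="svc_logdb">
  <input type="password" name="dbPassword" value="" placeholder="unchanged">
</form>
"""

# Assumed naming hints for hidden fields that hold secrets.
SECRET_NAME_HINTS = ("pass", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collects input fields that carry a non-empty secret in their value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "") or a.get("id", "")
        field_type = a.get("type", "text").lower()
        is_secret = field_type == "password" or (
            field_type == "hidden"
            and any(hint in name.lower() for hint in SECRET_NAME_HINTS)
        )
        if is_secret and a.get("value", "").strip():
            # Report the field name only; never log the secret itself.
            self.findings.append(name)


def find_prefilled_secrets(html):
    """Return names of secret-bearing inputs rendered with a populated value."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Run it against the rendered settings pages for each permission level; any non-empty result means a secret is being sent to a browser that can display it through the element inspector.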
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| WebSense | Affected | 28 Jan 2014 | 25 Mar 2014 |
Thanks to Patrick Kelley of Critical Assets for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2014-0347
- Date Public: 24 Mar 2014
- Date First Published: 07 Apr 2014
- Date Last Updated: 07 Apr 2014
- Document Revision: 17