SYNTHESIS OF THE VULNERABILITY

Passwords are stored in clear form in some files of Secure
Computing Secure Web SmartFilter.

Gravity : 1/4

Consequences : data reading

Provenance : user shell

Means of attack : 1 attack

Ability of attacker : technician (2/4)

Confidence : unique source (2/5)

Diffusion of the vulnerable configuration : high (3/3)

Creation date : 23/03/2009

IMPACTED PRODUCTS

– Secure Computing Secure Web

DESCRIPTION OF THE VULNERABILITY

The administration console of the Secure Computing Secure Web
SmartFilter product stores its configuration in the C :\Program
Files\Secure Computing\Smartfilter Administration\server\config\
directory.

However, access rights of config.txt and admin_backup.xml files
allows a local attacker to read them. These files can contain a
password to access to the proxy.

A local attacker can therefore obtain a password to connect to the
proxy.

CHARACTERISTICS

Identifiers : VIGILANCE-VUL-8552

http://vigilance.fr/vulnerability/Secure-Web-SmartFilter-information-disclosure-8552