CVE-2014-0347

2014-04-1204:37:31

CWE-255

[email protected]

web.nvd.nist.gov

cve-2014-0347

websense

triton

unified security center

cleartext password

disclosure

vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.9%

JSON

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=“password” with type=“text” in an INPUT element in the (1) Log Database or (2) User Directories component.

Affected configurations

NVD

Node

websensetriton_unified_security_centerMatch7.7.3

websensetriton_web_filterMatch7.7.3

websensetriton_web_securityMatch7.7.3

websensetriton_web_security_gatewayMatch7.7.3

websensetriton_web_security_gateway_anywhereMatch7.7.3

CPENameOperatorVersion
websense:triton_unified_security_centerwebsense triton unified security centereq7.7.3
websense:triton_web_filterwebsense triton web filtereq7.7.3
websense:triton_web_securitywebsense triton web securityeq7.7.3
websense:triton_web_security_gatewaywebsense triton web security gatewayeq7.7.3
websense:triton_web_security_gateway_anywherewebsense triton web security gateway anywhereeq7.7.3

CPE	Name	Operator	Version
websense:triton_unified_security_center	websense triton unified security center	eq	7.7.3
websense:triton_web_filter	websense triton web filter	eq	7.7.3
websense:triton_web_security	websense triton web security	eq	7.7.3
websense:triton_web_security_gateway	websense triton web security gateway	eq	7.7.3
websense:triton_web_security_gateway_anywhere	websense triton web security gateway anywhere	eq	7.7.3