Symantec Firewall/VPN Appliance Cached Plaintext Password Vulnerability
BID:9784
Info
| Bugtraq ID: | 9784 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 02 2004 12:00AM |
| Updated: | Mar 02 2004 12:00AM |
| Credit: | The disclosure of this issue has been credited to Davide Del Vecchio. |
| Vulnerable: | Symantec Firewall/VPN Appliance 200R; Symantec Firewall/VPN Appliance 200; Symantec Firewall/VPN Appliance 100 |
| Not Vulnerable: | |
Discussion
It has been reported that Symantec Firewall/VPN Appliance is prone to an issue where, depending on browser settings, administration password credentials may be stored in plaintext in the browser or proxy cache.
Symantec Firewall/VPN Appliance Models 100, 200, 200R are reported to be prone to this vulnerability.
Exploit / POC
No exploit is required; the malicious party must simply obtain a cached administration authentication password page from a vulnerable host.
Solution / Fix
Solution:
The following patches were released to address this issue:
Symantec Firewall/VPN Appliance 100
- Symantec vpn100_161_all.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn100_161_all.zip
- Symantec vpn100_161_app.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn100_161_app.zip
Symantec Firewall/VPN Appliance 200
- Symantec vpn200_161_all.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200_161_all.zip
- Symantec vpn200_161_app.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200_161_app.zip
Symantec Firewall/VPN Appliance 200R
- Symantec vpn200r_161_all.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200r_161_all.zip
- Symantec vpn200R_161_app.zip
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200R_161_app.zip