Blue Coat Security Gateway Private Key Disclosure

2004-05-17T00:00:00
ID OSVDB:6218
Type osvdb
Reporter OSVDB
Modified 2004-05-17T00:00:00

Description

Vulnerability Description

Blue Coat Security Gateway OS contains a flaw that may lead to unauthorized information disclosure. When a private key is imported via the web-based management console, the key and its pass-phrase are logged in cleartext on the affected device. This discloses the private keys associated with imported certificates, resulting in a loss of confidentiality.
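
An added example (not from this advisory or from Blue Coat) of auditing exported device logs for the exposure described above: it flags PEM private-key blocks and pass-phrase fields and produces a redacted copy. The log layout and the `passphrase=` field name are assumptions, since the advisory does not describe the actual log format.

```python
import re

# PEM armor for any private-key type (RSA, EC, PKCS#8, encrypted PKCS#8, ...).
BEGIN = re.compile(r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----")
# Assumed field names for a logged pass-phrase; adjust to the real log format.
PASS = re.compile(r"(?i)\b(pass-?phrase|password)\s*[=:]\s*(\S+)")

# Constructed sample log; the key body and pass-phrase are placeholders.
SAMPLE = """\
console: import keyring name=web1
console: passphrase=CONSTRUCTED-EXAMPLE
console: -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
AAAAconstructedPlaceholderNotARealKeyAAAA
-----END RSA PRIVATE KEY-----
console: import complete
""".splitlines()

def scan_log(lines):
    """Return findings as (kind, first_line, last_line), 1-based line numbers."""
    findings, open_key = [], None  # open_key = (label, start) while inside a block
    for n, line in enumerate(lines, 1):
        if open_key:
            label, start = open_key
            if f"-----END {label}-----" in line:
                findings.append((label, start, n))
                open_key = None
            continue
        m = BEGIN.search(line)
        if m:
            if f"-----END {m.group(1)}-----" in line[m.end():]:
                findings.append((m.group(1), n, n))  # whole key escaped onto one line
            else:
                open_key = (m.group(1), n)
        elif PASS.search(line):
            findings.append(("pass-phrase", n, n))
    if open_key:  # block never closed: log rotated or truncated mid-key
        findings.append((open_key[0] + " (truncated)", open_key[1], len(lines)))
    return findings

def redact(lines):
    """Copy of lines with key blocks and pass-phrase values replaced."""
    out = list(lines)
    for kind, first, last in scan_log(lines):
        if kind == "pass-phrase":
            out[first - 1] = PASS.sub(r"\1=[REDACTED]", out[first - 1])
        else:
            out[first - 1:last] = ["[REDACTED PRIVATE KEY]"] * (last - first + 1)
    return out
```

Any key that turns up in such a scan should be treated as compromised and replaced; redacting the log does not undo the disclosure.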

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Blue Coat has released a patch to address this vulnerability.

References:

Secunia Advisory ID: 11627
Other Advisory URL: http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html
ISS X-Force ID: 16182
CVE-2004-2397
Bugtraq ID: 10371