Design/Logic Flaw

2008-10-2200:11:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.

CPENameOperatorVersion
enterpiseeq6.3.2

CPE	Name	Operator	Version
	enterpise	eq	6.3.2

References

secunia.com/advisories/32264

www.securityfocus.com/bid/31746

www.securitytracker.com/id?1021058

www.vupen.com/english/advisories/2008/2819

www.zebux.org/pub/Advisory/Advisory_Websense_Reporter_Password_Disclosure_200810.txt