Design/Logic Flaw

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes...

CVE-2017-3962 McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes...

McAfee Security Scan Plus < 3.11.599.3 LiveSafe Non-certificate-based Authentication HTTP Backend-response Handling MitM Registry Value Manipulation (TS102723)

The version of McAfee Security Scan Plus installed on the remote Windows host is prior to 3.11.599.3. It is, therefore, affected by a flaw in the non-certificate-based authentication mechanism that is triggered during the handling of HTTP backend-responses. This may allow a man-in-the-middle...

CVE-2017-3898

A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe MLS versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response...