[原文]Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
[CNNVD]Symantec FireWall/VPN Appliance model 200 (CNNVD-200403-066)
Symantec Firewall / VPN Appliance Exposure of Password
Physical Access Required
Information Disclosure
Loss of Confidentiality
-
漏洞描述
Symantec Firewall and VPN appliances contain a flaw that may lead to an unauthorized password exposure. The problem is that passwords are entered in plaintext without being masked in a HTML form. Hence it allows other people with physical access to see a password when it is entered, which may lead to a loss of confidentiality.
-
时间线
2004-03-02
Unknow
Unknow
Unknow
-
解决方案
Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.