Published: 2004-03-15 00:00:00
Last revised: 2016-10-17 22:41:39

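[Original] Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.

[CNNVD] Symantec FireWall/VPN Appliance model 200 (CNNVD-200403-066)

        Symantec FireWall/VPN Appliance model 200 contains a vulnerability in which it records a cleartext password for the password administration page. The password may be cached on the administrator's local system or in a proxy, and an attacker can use this vulnerability to steal the password and gain privileges.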

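- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)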

cpe:/h:symantec:firewall_vpn_appliance_200r  Symantec Firewall_VPN Appliance 200R
cpe:/h:symantec:firewall_vpn_appliance_100  Symantec Firewall_VPN Appliance 100
cpe:/h:symantec:firewall_vpn_appliance_200  Symantec Firewall_VPN Appliance 200

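- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources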
(UNKNOWN)  FULLDISC  20040216 Symantec FireWall/VPN Appliance model 200 leak of security
(UNKNOWN)  BUGTRAQ  20040216 Symantec FireWall/VPN Appliance model 200 leak of security
(VENDOR_ADVISORY)  XF  symantec-firewallvpn-password-plaintext(15212)

- Vulnerability information

Symantec FireWall/VPN Appliance model 200
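High risk Unknown
2004-03-15 00:00:00 2005-05-13 00:00:00
        Symantec FireWall/VPN Appliance model 200 contains a vulnerability in which it records a cleartext password for the password administration page. The password may be cached on the administrator's local system or in a proxy, and an attacker can use this vulnerability to steal the password and gain privileges.

- Advisories and patches


- Vulnerability information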

Symantec Firewall / VPN Appliance Exposure of Password
Physical Access Required Information Disclosure
Loss of Confidentiality

- Vulnerability description

Symantec Firewall and VPN appliances contain a flaw that may lead to an unauthorized password exposure. The problem is that passwords are entered in plaintext without being masked in an HTML form. Hence it allows other people with physical access to see a password when it is entered, which may lead to a loss of confidentiality.

- Timeline

2004-03-02 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.

- Related references

- Vulnerability author