Credentials management in Trustwave WebDefend



| Updated: 2020-08-11
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2011-0756
CWE-ID CWE-255
Exploitation vector Network
Public exploit N/A
Vulnerable software
 WebDefend
Other software / Other software solutions

Vendor Trustwave

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Credentials management

EUVDB-ID: #VU45063

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0756

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.

Mitigation

Install update from vendor's website.

Vulnerable software versions

WebDefend: 2.0

CPE2.3 External links

https://securitytracker.com/id?1025447
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-001.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###