#VU45062 Credentials management in WebDefend - CVE-2011-1906

Cybersecurity Help s.r.o.

Published: 2011-05-05 | Updated: 2020-08-11

Vulnerability identifier: #VU45062

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-1906

CWE-ID: CWE-255

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WebDefend
Other software / Other software solutions

Vendor: Trustwave

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.

Mitigation
Install update from vendor's website.

Vulnerable software versions

WebDefend: 2.0 - 3.0

External links
https://securitytracker.com/id?1025447
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-001.txt

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Credentials management in Trustwave WebDefend