Vulnerability Note VU#568252
Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability
Original Release date: 07 Apr 2014 | Last revised: 07 Apr 2014

Overview
Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user.

Description
CWE-200: Information Exposure
When logged into the Websense Triton Unified Security Center 7.7.3 and possibly earlier versions with any permission level, it is possible to navigate to the “Log Database” or “User Directories” portions of the “Settings” module. In either section, it is possible to use a web browser to “Inspect Elements” within the page.

Password blocks are initially hashed within the page using the following form variable:
<input type=”password” id=”logDatabaseSettings:password” name =”logDatabaseSettings:password” maxlength=”50· size=”21·>

However, due to the lack of proper form construction and hashing of password credentials, it is possible to change the string to the following and reload the page:
<input type=”text” id=”logDatabaseSettings:password” name =”logDatabaseSettings:password” maxlength=”50· size=”21·>

Allowing the password credentials to be displayed in plain-text, along with the associated username.

Impact
An authenticated attacker can view stored credentials of a possibly higher privileged user.

Solution
Update

It has been reported that the vendor has addressed this vulnerability in Triton Unified Security Center 7.7.3 Hotfix 31. Affected users are advised to update to Triton Unified Security Center 7.7.3 Hotfix 31 or later.

The vendor has stated that the following products have also been updated to address this vulnerability.

Web Security Gateway Anywhere v7.7.3 Hotfix 31
Web Security Gateway v7.7.3 Hotfix 31
Websense Web Security v7.7.3 Hotfix 31
Websense Web Filter v7.7.3 Hotfix 31
Windows and Websense V-Series appliances

Additional information can be found in Websense V7.7.3 HF31 Manager Password Vulnerability issue advisory.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedWebSenseAffected28 Jan 201425 Mar 2014If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

Temporal
2.9
E:F/RL:OF/RC:C

Environmental
0.9
CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

https://www.websense.com/content/web-security-gateway-anywhere-features.aspx
https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0
http://cwe.mitre.org/data/definitions/200.html

Credit

Thanks to Patrick Kelley of Critical Assets for reporting this vulnerability.
This document was written by Michael Orlando.

Other Information

CVE IDs:
CVE-2014-0347

Date Public:
24 Mar 2014

Date First Published:
07 Apr 2014

Date Last Updated:
07 Apr 2014

Document Revision:
17

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply