CVE-2014-0347
First published: Sat Apr 12 2014(Updated: )
The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Websense Triton Unified Security Center | =7.7.3 | |
| Websense Triton Web Filter | =7.7.3 | |
| Websense Triton Web Security | =7.7.3 | |
| Websense Triton Web Security Gateway | =7.7.3 | |
| Websense Triton Web Security Gateway Anywhere | =7.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/websense
- canonical/websense triton unified security center
- version/websense triton unified security center/7.7.3
- canonical/websense triton web filter
- version/websense triton web filter/7.7.3
- canonical/websense triton web security
- version/websense triton web security/7.7.3
- canonical/websense triton web security gateway
- version/websense triton web security gateway/7.7.3
- canonical/websense triton web security gateway anywhere
- version/websense triton web security gateway anywhere/7.7.3