First published: Wed Oct 29 2014(Updated: )
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Network Data Loss Prevention | <=9.2.2 | |
McAfee Network Data Loss Prevention | =8.6 | |
McAfee Network Data Loss Prevention | =9.2.0 | |
McAfee Network Data Loss Prevention | =9.2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-8524 is classified as a medium severity vulnerability.
To fix CVE-2014-8524, update McAfee Network Data Loss Prevention to version 9.3 or later.
CVE-2014-8524 allows remote attackers to potentially access sensitive information, including passwords.
CVE-2014-8524 affects McAfee Network Data Loss Prevention versions before 9.3, including 8.6 and 9.2.0 to 9.2.2.
Yes, CVE-2014-8524 can be exploited remotely due to improper handling of autocomplete settings.