Thursday, 15 March 2012

McAfee Security Gateway patched this week for the issues I reported

Fair play to McAfee for fixing these issues, giving an accurate description of the issues and crediting me with the discovery. This is probably one of the best customer notifications I have seen from the vendors I have dealt with during my research project.

https://kc.mcafee.com/corporate/index?page=content&id=SB10020


Affected Software: McAfee Email and Web Security 5.x, McAfee Email Gateway 7.0


NGS00153 – Reflected XSS
McAfee Email and Web Security Appliance Software 5.x / McAfee Email Gateway 7.0 is prone to reflected XSS, allowing an attacker to obtain session tokens and run arbitrary JavaScript in the context of the administrator's browser and the McAfee Security Appliance Management Console/Dashboard.
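As an added illustration (constructed for this post, not McAfee's code), the two server-side controls that bound the impact of a reflected XSS of the kind described above: HTML-encoding the reflected parameter so injected markup is rendered as text, and marking the session cookie HttpOnly so that script running in the page cannot read it. The function and cookie names are hypothetical.

```python
"""Constructed example (not McAfee's code): output encoding plus an HttpOnly
session cookie, the two controls that limit a reflected XSS."""
import html


def render_search_vulnerable(query):
    # Weak pattern: the request parameter is reflected verbatim into the HTML body.
    return f"<p>Results for: {query}</p>"


def render_search(query):
    # Hardened pattern: HTML-encode untrusted input before it lands in the page.
    # quote=True also encodes " and ' so the value is safe inside attributes.
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def session_cookie_header(token, name="SESSION"):
    # Hardened Set-Cookie: HttpOnly keeps the token out of document.cookie,
    # Secure keeps it off plaintext HTTP, SameSite=Strict limits cross-site sends.
    return f"Set-Cookie: {name}={token}; Path=/; HttpOnly; Secure; SameSite=Strict"


def contains_raw_markup(rendered, untrusted):
    """True if the untrusted input appears in the rendered page unchanged."""
    return untrusted in rendered


if __name__ == "__main__":
    sample = "<b>x</b>"  # constructed, harmless markup standing in for any injected tag
    print(render_search_vulnerable(sample))
    print(render_search(sample))
    print(session_cookie_header("constructed-token-value"))
```

The check to carry away is that a reflected parameter is only ever safe once it has been encoded for the context it is inserted into, and that HttpOnly does not prevent XSS but removes the session token as its easiest prize.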

NGS00154 – Logout Failure (I would have called this session-management issues, but whatever)
When an administrator closes the Management Console/Dashboard without clicking Logout and returns to the Dashboard later, they appear to be logged out. However, this is simply the state of the JavaScript in their browser; the session token is still active on the server side. If an attacker obtains a session cookie (perhaps using XSS, or by some other means), they can make a dummy login attempt (with a dummy password) and simply edit the (failure) response. They will then be logged in and can use the Dashboard as if they had logged in as the administrator.
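The root cause described above is that "logged out" lived in browser-side JavaScript while the server kept accepting the token. The following is an added, constructed example (hypothetical code, not McAfee's implementation) of a minimal server-side session store that contrasts a client-only logout with real server-side invalidation and an idle timeout; the class and method names are assumptions made for the illustration.

```python
"""Constructed example: a session store where authorisation is decided on the
server for every request, so client-side UI state never matters."""
import secrets
import time


class SessionStore:
    def __init__(self, idle_timeout=900):
        self._sessions = {}  # token -> {"user": str, "last_seen": float}
        self.idle_timeout = idle_timeout

    def login(self, user, now=None):
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, not guessable
        self._sessions[token] = {"user": user, "last_seen": self._now(now)}
        return token

    def authorize(self, token, now=None):
        """Server-side check on every request: returns the user if the token
        is live, else None. This is the only state the server should trust."""
        now = self._now(now)
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if now - entry["last_seen"] > self.idle_timeout:
            del self._sessions[token]  # expired: discard rather than keep accepting
            return None
        entry["last_seen"] = now
        return entry["user"]

    def logout_client_only(self, token):
        """Models the weak behaviour: the browser forgets the token, the server does not."""
        return True  # self._sessions is untouched, so the token can be replayed

    def logout(self, token):
        """Corrected behaviour: the server discards the token, so replay fails."""
        return self._sessions.pop(token, None) is not None

    @staticmethod
    def _now(now):
        return time.time() if now is None else now


def demo():
    """Walks through the three cases with a fixed clock; returns the outcomes."""
    store = SessionStore(idle_timeout=900)
    t0 = 1_000_000.0
    token = store.login("admin", now=t0)

    store.logout_client_only(token)
    still_live = store.authorize(token, now=t0 + 60) == "admin"  # True: replayable

    store.logout(token)
    after_logout = store.authorize(token, now=t0 + 120)  # None: server invalidated it

    token2 = store.login("admin", now=t0)
    after_idle = store.authorize(token2, now=t0 + 901)  # None: idle timeout passed
    return still_live, after_logout, after_idle


if __name__ == "__main__":
    print(demo())
```

A logout endpoint that only clears cookies or front-end state is the pattern to look for in review; the fix is that the logout request reaches the server and the token is removed (or the server-side record is rotated) there, with an idle timeout as the backstop for sessions the user never closes.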

NGS00155 – Password Reset issue
Any logged-in user can bypass controls to reset passwords of other administrators.

NGS00156 – Session Disclosure
Active session tokens of other users are disclosed within the Dashboard.

NGS00157 – Weak Encryption of Backups
Password hashes can be recovered from a system backup and easily cracked.

NGS00158 – File Download Issue
Arbitrary file download is possible with a crafted URL, when logged in as any user.

NGS00159 – File Content Leakage
File contents can be disclosed as if by the root user, when logged in as any user.
