NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2004-q1

[SA11013] Symantec Firewall / VPN 100/200/200R Exposure of Password

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Mar 02 2004 - 04:09:03 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Symantec Firewall / VPN 100/200/200R Exposure of Password

SECUNIA ADVISORY ID:
SA11013

VERIFY ADVISORY:
http://secunia.com/advisories/11013/

CRITICAL:
Not critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Symantec Firewall / VPN 100/200/200R

DESCRIPTION:
Davide Del Vecchio has discovered a security issue in Symantec
Firewall / VPN 100/200/200R, possibly allowing malicious people to
see passwords.

The problem is that passwords are entered in clear text without being
masking in a HTML form. This may allow other people with physical
access to see a password when it is entered.

This affects Symantec Firewall / VPN 100, 200, and 200R.

SOLUTION:
Symantec has issued patches.

Symantec Firewall / VPN 200R:
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200R_161_app.zip

Symantec Firewall / VPN 200:
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn200_161_app.zip

Symantec Firewall / VPN 100:
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_firewall_vpn_appliance/updates/vpn100_161_app.zip

PROVIDED AND/OR DISCOVERED BY:
Davide Del Vecchio

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]