[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be r
From:       "Research () NGSSecure" <research () ngssecure ! com>
Date:       2012-03-29 7:50:31
Message-ID: 7E45577E4E72EC42BB3F8560D57E755145A995F3 () manexchprd01
[Download RAW message or body]

Medium Risk Vulnerability in McAfee Email and Web Security Appliance

29 March 2012

Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee \
Email and Web Security Appliance  

Impact: Password hashes can be recovered from a system backup and easily cracked

Versions affected:

All versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, McAfee Email \
Gateway 7.0 Patch 1

NGS Secure is going to withhold details of this flaw for three months. This three \
month window will allow users the time needed to apply the patch before the details \
are released to the general public. This reflects the NGS Secure approach to \
responsible disclosure.

NGS Secure Research
http://www.ngssecure.com/research.aspx






 


[prev in list] [next in list] [prev in thread] [next in thread]