Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4605

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4605
Last Modified 17 Jan 2014 12:09:17
Published 23 Aug 2012 06:32:15
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4605

Summary

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

Vulnerable Systems

Application

  • Websense Email Security 6.1

  • Websense Email Security 7.0

  • Websense Email Security 7.1

  • Websense Email Security 7.2


References

CONFIRM - http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments

XF - websense-smtp-info-disc(78131)

BID - 64758


Last Updated: 27 May 2016 11:00:18