| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Mar 2009 11:42:51 -0700 From: "Daniel Sichel" <daniels@...derosatel.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Secure Computing (McAfee) Smart Filter possible issue While resolving a tech support issue with McAfee Smart Filter I found the clear text password and user name of the SmartFilter user ID that authenticates to the proxy server in at least one place, the config.txt file in the config subdirectory under c:\Program Files\Secure Computing\Smartfilter Administration\server. I am not sure if this only if you are using Smartfilter for the (deprecated) web proxy on your Sidewinder G2, or whether it pertains also if you are only using this for HTTP proxy. Therefore this issue may be actually somewhat out of date. The issue occurred on our Smartfilter Admin server, which is a Windows server that runs the web filtering software and updates the Sidewinder and handles reporting of stats. THIS IS NOT AN ISSUE ON THE FIREWALL ITSELF. The Sidewinder G2 remains rock solid. Anyway, default permissions on this file include read access for local machine users, power users and, oddly, Terminal server users. Administrators of course, have full control. Has anybody else seen this? Dan S. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists