Details

CVE-2021-23884

A minor signature spoofing by mixing signed and unsigned content vulnerability in Content Security Reporter by McAfee.



Scroll down

Analysis

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

CVSS2


This signature spoofing by mixing signed and unsigned content vulnerability has been classified with a low base score of 2.7, a low impact score of 2.9 and a medium exploitability score of 5.1.

Economic Impact


The economic impact provides a custom overview of the affected areas by this vulnerability. If there is a higher amount of predicted attacks, there is a higher probability to be affected by this vulnerability in this particular region.



CAPEC

Common Attack Pattern Enumeration and Classification (CAPEC) is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to deepen community understanding and enhance protection. The vulnerability has been classificated in 8 categories.

Harvesting Information via API Event Monitoring

An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users

Signature Spoofing by Mixing Signed and Unsigned Content

An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.

Sniff Application Code

An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server

Session Sidejacking

Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic

Interception

An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target

CPE

CPE is a structured naming scheme for information technology systems, software, and packages. Based on a common Uniform Resource Identifier (URI) syntax, CPE includes a formal naming format, a method for validating system names, and a description format for attaching text and tests to the name.

All CPE details
+