CVE-2004-2397 Information

Description

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1 when importing a private key stores the key and its passphrase in plaintext in a log file which allows attackers to steal digital certificates.

Reference

http://secunia.com/advisories/11627 http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html http://www.osvdb.org/6218 http://www.securityfocus.com/bid/10371 https://exchange.xforce.ibmcloud.com/vulnerabilities/16182